New Articles

Is It You Or An ID Thief? How AI Uses Document Verification To Keep You Safe.

verification

Is It You Or An ID Thief? How AI Uses Document Verification To Keep You Safe.

It’s a moment most people have experienced.

You’re required to show your ID for something and you wait as the person studies both your face and the photo on the driver’s license, passport, or another document, making sure you’re not an impersonator trying to pull a fast one.

These days, artificial intelligence is playing a role similar to that security person, with software that allows validation of IDs remotely through digital document verification. This way you can do business through your smartphone, and someone on the other end can make sure you’re who you say you are and that a thief hasn’t stolen your identity.

And that’s especially important at a time when identity theft has been on the rise, says Stephen Hyduchak, CEO of Aver (www.goaver.com), an identity-verification service.

“Fraudsters are getting creative, but so is technology,” Hyduchak says. “It’s important to keep up because there are so many ways to create fake documents that allow someone to claim to be you and maybe even get away with it.”

Hyduchak says there are a few categories of document fraud:

Illegitimate documents. These documents are completely false. They have characteristics such as missing holograms or other current standards that are essential parts of a legitimate version of that document.

False documents. This is a document that belongs to one person, but that another person tries to use in an effort to authenticate himself.

Modified documents. This is when an original document is altered. Hyduchak says the alterations can be caught with software that detects whether fonts and text match the originals.

How do fraudsters even get the ID documents to start with? Hyduchak says it’s a matter of data security breaches – and often a combination of more than one breach. He gives this example. Just recently, the cryptocurrency exchange Binance, using a third-party Know-Your-Customer (KYC) provider, was the victim of a hack that leaked over 10,000 photographs of purported Binance KYC data. This breach affected up to 60,000 people.

“On Binance, users buy and sell cryptocurrency, something that is privacy-centric by its very nature, but still vulnerable,” Hyduchak says. “Coupling leaks like this with major data breaches like Equifax and Target, our personal information can be manipulated for the fraud with some basic photoshop work.”

A digital verification process is one way to head off any subterfuge, Hyduchak says. For example, his company has a program that works this way: The user captures a picture of their ID or passport using their smartphone. The user then takes a selfie to verify they are the same person pictured on the ID or passport. Facial recognition software compares the images through algorithms.

“As time goes on,” Hyduchak says, “I think you are going to see digital facial checks become the standard for ID verification, and that will eliminate most types of fraud.”

_____________________________________________________________

Stephen Hyduchak is the CEO of Aver (www.goaver.com), an identity-verification service. Hyduchak worked in corporate finance for companies such as PRA Health Sciences before finding the entrepreneur bug. He began working on media and design for small businesses, which led him to consulting projects in the blockchain space, and eventually to founding Aver.

healthcare

5 Ways For Healthcare Providers To Build A Fortress Against Cyber Threats

The healthcare industry has yet to find a cure for cyberattacks. Housing personal health data, all kinds of providers are vulnerable targets of hackers and patient care can be put at great risk.

News of breaches in healthcare computer systems is a regular occurrence. Over 100,000 medical records were recently leaked as a result of a data breach at a Montana hospital. And research this year showed an upsurge in malware attacks on healthcare providers. Phishing messages, a means of malware delivery via email, have been found to come in the form of alerts from the US Centers for Disease Control and Prevention (CDC).

As cyberattacks become more sophisticated and widespread, the need for adequately securing computer networks at hospitals and all medical facilities has never been greater, says Alex Zlatin, CEO of Maxim Software Systems (alexzlatin.com).

“The costs of cyberattacks for healthcare providers can be enormous,” Zlatin says, “but how hackers can literally stop facilities from functioning and keep patients from getting care and medication should get everyone’s attention. “It’s all about prevention, and for many providers, being secure as possible will involve a retooling and re-thinking of how they approach cybersecurity from the human and technological standpoints.”

Zlatin provides five tips for healthcare providers to better protect against cybersecurity threats:

-Educate employees about phishing attacks. Many breaches start with human error. Employees make the mistake of responding to an email, link or website designed by hackers to access private information. “Email is a popular phishing technique,” Zlatin says. “The best ways to prevent them from doing damage are to educate your employees on what suspicious emails look like and to use strong email spam filters. Also, your software should automatically scan any links or attachments. This prevents new or unrecognizable URLs from sneaking past company safeguards.”

-Beware of ransomware. Ransomware has been a big menace to the healthcare industry, holding data for ransom, paralyzing facilities and putting patients at risk. Zlatin says the first step in dealing with ransomware is backing up your system, ideally with a cloud backup to protect data. “Failure to do backup can cause irreparable damage,” he says. “And while hackers continually find ways to infiltrate, your security software should contain the most updated anti-malware and anti-ransomware protection. When a ransomware attack occurs, the first thing employees should do is contact their IT team — not try to resolve it themselves.”

-Have a top-down security program. There can be a disconnect and gaps in cyber security procedures when a medical facility’s security staff and IT team don’t overlap. “Including cybersecurity duties at a managerial level, perhaps even as an executive position, can ensure that correct initiatives are created, launched, and enforced, and that funding for security initiatives is available,” Zlatin says. “This also helps enforce regular risk assessment, which should be part of any healthcare provider’s cybersecurity threat program.”

-Make sure vendors have protection. The Healthcare Industry Cybersecurity Task Force, which was established by the U.S. Department of Health and Human Services and the Department of Homeland Security, warned providers about areas of security vulnerability in the supply chain. “Vendors should take the proper steps to detect threats,” Zlatin says. “They include all healthcare business partners, such as insurance companies and infrastructure providers, all of whom should have good security records and be able to protect medical information. It’s especially important for organizations that outsource IT personnel from third-party vendors.”

-Update passwords often. “Using the same passwords for most platforms is a big mistake,” Zlatin says. “It increases vulnerabilities. If a criminal discovers one password used for several accounts, it leads to a disastrous theft of data. So, have employees generate new passwords periodically and not get stuck on convenience.”

“Too often, many healthcare facilities aren’t vigilant enough about defending their medical records security,” Zlatin says. “Healthcare providers face a constant threat that requires constant vigilance because they and their patients have too much to lose.”

________________________________________________________________

Alex Zlatin, author of the book Responsible Dental Ownership (alexzlatin.com), had more than 10 years of management experience before he accepted the position of CEO of dental practice management company Maxim Software Systems. He earned his MBA at Edinburgh Business School and a B.Sc. in Technology Management at HIT in Israel.

His company helps struggling dental professionals take control of their practices and reach the next level of success with responsible leadership strategies.

 

 

cybersecurity

A Cybersecurity and Artificial Intelligence Forecast for 2020

As a cybersecurity and artificial intelligence innovator, we are often asked about our predictions for the year to come. AI, in all its flavors, is a hot technology and it is being applied in many fascinating and powerful ways. Our focus, of course, is on using deep learning to advance the standards in malware detection (and we see a lot of good happening in that regard) so we bring a unique perspective to these two areas.

And not to brag, but when the question came up last year we provided a modest forecast that turned out to be fairly accurate. Here’s a quick recap:

-We said that AI would be a key component to the delivery and management of 5G wireless services, which is in-line with what the industry is now saying about its roll-out.

-Our bet was behind the emergence of AI-as-a-Service. It’s comforting to know that Microsoft CEO Satya Nadella agrees, and sees a $77 billion market by 2025, according to Motley Fool.

-Last year we predicted the emergence of more sophisticated learning techniques, advancing the capabilities and efficacy of machine learning and deep learning algorithms, and that has been happening.

-We’ll even take credit for our prediction that AI in all its forms would see greater commercialization and consumerization, even though that one was probably self-evident in hindsight. Development and improvement in products like smart assistants, smartphones, autonomous vehicles, medical devices and more will continue apace now that AI is mainstream.

So what can we expect for 2020? We’re going to keep our forecast in the realm of cybersecurity and AI this year, looking at both the threat landscape and the emergence of innovative defenses. Here are five trends we see developing in the new year.

Cybercrime will focus on ransomware and cryptojacking

The focus of the global hacker community will shift to emphasize ransomware and cryptojacking. Ransomware has proven to be a lucrative source of income for hackers, and as associated malware and delivery techniques become more effective, that is only going to embolden them. Most hackers launch attacks from locations beyond the reach of U.S. authorities, and they collect payments in the form of cryptocurrency to minimize the risk factor of their illicit endeavors. And as cryptocurrency becomes more mainstream, we foresee a sharp increase in attacks intended to hijack computing resources to power the computations necessary to “mine” coins. What we’re seeing in Blue Hexagon Labs research is that cryptojacking attacks appear to have an inverse relationship to ransomware attacks. This is likely driven by hacker motivations; as the value of cryptocurrency increases, it may be more lucrative (and easier) to focus on cryptojacking than ransomware.

Malware-as-a-Service becomes increasingly sophisticated

Criminal hackers are innovators and entrepreneurial (even if they are evil, self-centered, and destructive innovators and entrepreneurs). As such, they are keen on minimizing cost and risk, and one way they are doing that is by productizing their tools and skills. As a result, Malware-as-a-Service hacking groups are now selling kits and automated services on dark web marketplaces. In March of this year, we wrote about Gandcrab ransomware-as-a-service. We will see these services increase in sophistication in the coming year–for example, the ability to select customizations such as the type of obfuscation or evasion techniques, and the way the malware is delivered. This will make it easier for anyone to get in on the malware game, creating a force multiplier effect that will increase the number of threats enterprises will face in the years to come.

First malware using AI-Models to evade sandboxes will be born in 2020

Malware developers already use a variety of techniques to evade sandboxes. A recent article explained that “Cerber ransomware runs 28 processes to check if it is really running in a target environment, refusing to detonate if it finds debuggers installed to detect malware, the presence of virtual machines (a basic “tell” for traditional sandboxes), or loaded modules, file paths, etc., known to be used by different traditional sandboxing vendors.”

In 2020, we believe that new malware–using AI-models to evade sandboxes–will be born. This has already been investigated in academia. Instead of using rules to determine whether the “features” and “processes” indicate the sample is in a sandbox, malware authors will instead use AI, effectively creating malware that can more accurately analyze its environment to determine if it is running in a sandbox, making it more effective at evasion. As a result of these malware author innovations and existing limitations, the sandbox will become ineffective as a means to detect unknown malware.  Correspondingly, cybersecurity defenders’ adoption of AI-powered malware defenses will increase.

The rollout of 5G networks will bring new attack vectors

The infrastructure needed to roll out and manage new 5G networks requires a more complex, software-defined architecture than older communication networks. This new architecture means services will operate within a more complex environment with a broader attack surface that requires more security diligence on the part of the service providers. In addition, the advent of 5G networks will enable more endpoint devices that will require security at the network edge. Hackers, in particular, nation-state threat actors, will work hard to find and exploit weaknesses in this architecture to intercept traffic, disrupt services, and deliver payloads to endpoints and networks.

Privacy regulations drive more spending in cybersecurity

The European Union’s General Data Protection Regulation (GDPR) has inspired a number of privacy regulations, including the new California Consumer Privacy Act (CCPA). In the CCPA, California has created a combined privacy and breach disclosure law that goes into effect on January 1, 2020. The office of the California attorney general recommends NIST (800-53 or CSF) or ISO 27001 as their standards for implementation, and uses CIS Controls for security program guidance. That means an emphasis on malware detection and prevention, and with data breach violations reaching hundreds of millions of dollars in the EU and U.S., we predict CCPA and the recent history of enforcement will drive a significant increase in cybersecurity spending.

Even though the overall theme of these predictions suggests increasing threats and risks to the enterprise, we do see cause for optimism. Our experience with the application of deep learning to meet the challenges of threat detection and prevention give us hope that, as our efforts and those of other innovators continue and build momentum, we are confident that 2020 will be regarded as the year our industry finally turned the tide against hackers.

hackers

Hackers Covet Your Identity; 5 Ways To Thwart Their Efforts To Steal It

Each day people take a virtual trip through the internet to do their banking, make hotel reservations, shop for a new car, or engage in a myriad of other activities important to them.
It’s so routine that it’s easy to forget that you need to be just as careful about protecting yourself on those virtual journeys as you would on an actual one.
Hackers are creative about dreaming up new ideas for stealing your identity, so it’s important that you stay vigilant even if you already have taken action to guard yourself and your data,” says Chris Hoose (www.choosenetworks.com), an IT consultant who works with small businesses.
Hoose says a few steps you can take to protect your identity include:
Use a password manager. One problem with passwords is that people often use simple ones that are easy to remember, but also easy to hack. A password manager provides an encrypted database where you can store unique, long, complex passwords for each of your online accounts, and access them when you need them. “With a password manager, you can have better passwords that are harder to hack, and you don’t have to memorize them,” Hoose says.
Do your online activities with a VPN. Worried that your online browsing will lead identity thieves right back to you? One solution, Hoose says, is a virtual private network (VPN), which lends you a temporary IP address and hides your true IP address from every website or email you connect with. “It also prevents the sites you visit from learning your physical location,” he says. “You just need to remember to connect to it when you want to use it.” A VPN usually costs about $40 to $50 a year, he says.
Be wary on social media. Most people check in on social media routinely to catch up on family news, connect with college buddies, or perhaps to share photos of a new puppy. Unfortunately, cyber thieves lurk in the background. “They know that social media platforms are an excellent source for personal information and information about your contacts, which makes identity theft that much easier for them,” Hoose says. To stay safe on social media, he suggests you check to see if you have already been compromised; avoid password reuse; update your security settings regularly; and limit your connections because the more you have, the more potential for a fraudulent or compromised account to send you a malicious link.
Keep tabs on your credit report. One way to make sure no one has taken on debt in your name, and damaged your credit in the process, is to request a full credit report from any of the three major agencies: Equifax, TransUnion and Experian. You can get a free copy from any of them through the site www.annualcreditreport.com. Also, it might be time to get off the mailing list for all those credit offers you receive that say you are pre-approved. “Those offers are a gold mine for identity thieves,” Hoose says. You can opt out of pre-approved credit offers by visiting www.OptOutPrescreen.com.
Be sure to install anti-virus/malware software. Your first and best line of defense against identity theft on your computer remains anti-virus software and anti-malware software, Hoose says. When choosing one, he suggests making use of the trial period most companies offer. “That way you can try them out and decide which one works best for you,” he says.
“The more people try to foil identity thieves, the more sophisticated those thieves seem to get in their methods,” Hoose says. “But by being watchful and attentive, you can stay safe and enjoy your time online.”
________________________________________________________
Chris Hoose (www.choosenetworks.com) is the president of Choose Networks, an IT consulting firm for small businesses. Hoose started the company in 2001 to give large-scale solutions and support to businesses that can’t afford their own in-house IT department. He earned a Master of Information Systems Management from Friends University.