TechNews
Sophos launches four new Open Artificial Intelligence developments
… SophosAI Advances the Practices and Language that Will Transform the Cybersecurity Industry with Much-needed Transparency and Openness
Sophos, a global leader in next-generation cybersecurity, today announced four new open Artificial Intelligence (AI) developments to help broaden and sharpen the industry’s defenses against cyberattacks, including datasets, tools and methodologies designed to advance industry collaboration and cumulative innovation.
This move accelerates a key Sophos objective to open its data science breakthroughs and make the use of AI in cybersecurity more transparent, all with the aim of better protecting organizations against all forms of cybercrime.
While it is common practice to share AI methodologies and findings in other industries, cybersecurity has lagged in this effort, creating a noisy understanding of how AI truly provides protection against cyberthreats.
Sophos and its team of SophosAI data scientists are catalyzing this change toward openness, so that IT managers, security analysts, CFOs, CEOs, and others making security buying or management decisions, can discuss and assess AI benefits from a level and well-informed playing field.
“With SophosAI’s new initiative to open its research, we can help influence how AI is positioned and discussed in cybersecurity moving forward. Today’s cacophony of opaque or guarded claims about the capabilities or efficacy of AI in solutions makes it difficult to impossible for buyers to understand or validate these claims. This leads to buyer skepticism, creating headwinds to future progress at the very moment we’re starting to see great breakthroughs,” said Joe Levy, chief technology officer, Sophos. “Correcting this through external mechanisms like standards or regulation won’t happen quickly enough. Instead, it requires a grassroots effort and self-policing within our community to produce a set of practices and language that will advance the industry in a disruptive, open and transparent manner.”
It is difficult to overstate the criticality of this shift given the immense potential of how AI can benefit cybersecurity.
Sophos evidence shows that defenders are increasingly facing human adversaries who are constantly upping their game, launching highly contextualized Business Email Compromise (BEC) forgery campaigns or relentlessly developing new ransomware attacks.
Scalable and effective defenses against these and most other types of cyberattacks require assistance from AI. Openness and peer review among those applying AI to address these security threats stimulate innovation and discoveries, driving the entire industry forward.
Sophos is providing datasets, tools and methodologies in four important areas:
SOREL-20M Dataset for Accelerating Malware Detection Research
SOREL-20M, a joint project between SophosAI and ReversingLabs, is a production-scale dataset containing metadata, labels and features for 20 million Windows Portable Executable files (PE). It includes 10 million disarmed malware samples available for download for the purpose of research on feature extraction to accelerate industry-wide improvements in security. This dataset is the first production scale malware research dataset available to the general public, with a curated and labelled set of samples and security-relevant metadata.
AI-powered Impersonation Protection Method
SophosAI’s Impersonation Protection is designed to protect against email spearphishing attacks, where influential people are impersonated to trick recipients into taking some harmful action for the benefit of the attacker.
This new protection compares the display name of inbound emails against high level executive titles – those most likely to be spoofed in a spearphishing attack, such as a CEO, CFO or president – that are unique to specific organizations and flags these messages when they appear suspicious.
Sophos has trained the AI working behind the scenes on a large sample set of millions of known attack emails.
SophosAI has opened up this innovative new protection method, which it has also discussed publicly at Defcon 28 and in an Arxiv paper.
Digital Epidemiology to Determine Undetected Malware
SophosAI has also built a set of epidemiology-inspired statistical models for estimating the prevalence of malware infections in total, which enables Sophos to estimate – and in turn enabling a better chance to find – the needles in a PE file haystack. SophosAI has pioneered and made publicly available this method that helps to determine malicious “dark matter,” malware that might be missed or wrongly classified, and “future malware” that is in development by attackers.
The model is designed to be extensible to other classes of files and information system artifacts and is also discussed in the Sophos 2021 Threat Report.
YaraML Automatic Signature Generation Tools
Signature generation for the detection of malware families is a laborious, manual process. Over the years, researchers have proposed a variety of automatic signature generation methods, most of which have not found adoption because they underperform manual methods. SophosAI has developed a new method for automatic signature generation, called YaraML, that’s significantly different from previous options by taking an AI based approach to the problem. SophosAI directly “compiles” full-fledged, industrial strength machine learning models, the kinds used in commercial security products, into signature languages, essentially allowing AI to “write” the signatures. This proves to be far more effective than previous approaches and represents a breakthrough for the security community. SophosAI has open-sourced YaraML.
These four advancements are the latest from SophosAI, which works creatively like a start-up incubator, but with the intellectual resources of a near billion-dollar global company, including SophosLabs, Sophos Managed Threat Response and hundreds of thousands of customers. Another advantage is that SophosAI can add new technology directly into shipping products.
This model allows Sophos to react quickly to market needs, predict where the industry must head and advance openness for greater cybersecurity industry collaboration and innovation, all of which is essential when developing defenses against fast-moving adversaries.
…Nearly 80% of Organizations Hit by Ransomware Took More than a Week to Recover
Sophos, a global leader of innovative security solutions for defeating cyberattacks, today released a sector survey report, “The State of Ransomware in Healthcare 2024,” which revealed that the rate of ransomware attacks against healthcare organizations has reached a four-year high since 2021.
Of those organizations surveyed, two-thirds (67%) were impacted by ransomware attacks in the past year, up from 60% in 2023.
The rising rate of ransomware attacks against healthcare institutions contrasts with the declining rate of ransomware attacks across sectors; the overall rate of ransomware attacks fell from 66% in 2023 to 59% in 2024.
Alongside an increase in the rate of ransomware attacks, the healthcare sector reported increasingly longer recovery times.
Only 22% of ransomware victims fully recovered in a week or less, a considerable drop from the 47% reported in 2023 and 54% in 2022.
In addition, 37% took more than a month to recover, up from 28% in 2023, reflecting the increased severity and complexity of attacks.
“While we’ve seen the rate of ransomware attacks reach a kind of “homeostasis” or even decline across industries, attacks against healthcare organizations continue to intensify, both in number and scope. The highly sensitive nature of healthcare information and need for accessibility will always place a bullseye on the healthcare industry from cybercriminals. Unfortunately, cybercriminals have learned that few healthcare organizations are prepared to respond to these attacks, demonstrated by increasingly longer recovery times. These attacks can have immense ripple effects, as we’ve seen this year with major ransomware attacks impacting the healthcare industry and impacting patient care,” said John Shier, field CTO, Sophos.
“To combat these determined adversaries, healthcare organizations must adopt a more proactive, human-led approach to threat detection and response, combining advanced technology with continuous monitoring to stay ahead of attackers.”
Additional findings from the report include:
· Ransom Recovery Costs Surge: The mean cost of recovery in a healthcare ransomware attack was $2.57 million in 2024, up from $2.2 million in 2023 and double the 2021 cost
· Ransom Demands vs Payments: 57% of healthcare institutions that paid the ransom ended up paying more than the original demand
· Root Cause of Attack: Compromised credentials and exploited vulnerabilities were tied for the number one root cause of attack, each accounting for 34% of attacks
· Backups Targeted: 95% of healthcare organizations hit by ransomware in the past year said that cybercriminals attempted to compromise their backups during the attack.
· Increased Pressure: Organizations whose backups were compromised were more than twice as likely to pay the ransom to recover encrypted data (63% vs. 27%)
· Who Pays the Ransom: Insurance providers are heavily involved in ransom payments, contributing in 77% of cases. 19% of total ransom payment funding comes from insurance providers
The latest Sophos report on real-world ransomware experiences explores the full victim journey, from attack rate and root cause to operational impact and business outcomes, of 402 healthcare organizations.
The results for this sector survey report are part of a broader, vendor-agnostic survey of 5,000 cybersecurity/IT leaders conducted between January and February 2024 across 14 countries and 15 industry sectors.
Boxes have a multitude of uses, and the word “box”, lends itself to diverse contexts. For “Ajala Travelers,” the box is a necessity for keeping goods for their endless journeys. In literature, idiomatically, it can be said that “one has been boxed into a corner;” another might say to deal with a conundrum: “think outside the box;” then there is the “Pandora’s box” that no one wants opened.
To “box one’s ear’s” refers to a hit on the head, especially around one’s ears. For those who celebrate Christmas, “Boxing Day,” which is the 26th of December, the second day of Christmastide is not to be joked with: A day to unbox gifts. So much for the box.
Another type of boxes exists in the telecommunications world: The SIM Box. Have you ever received an international call but saw a local phone number ring in? That is SIM Boxing in action. Let me explain.
SIM boxing happens when a person uses a special equipment, what is called a SIM Box containing tens to hundreds of SIM Cards—from 32, to 96, to 512 and more SIMs —to terminate international calls by bringing in the international call into the SIM Box using internet connections and regenerating the calls to the called party from one of the hundred SIMs in the box.
This way, the called party will see the local number of the SIM from the SIM Box, and not the original international number calling.
With SIM Boxes, the syndicate charges international call carriers lower rates than what regular Nigerian telecommunications operators would charge, as they do not have to pay the full cost of maintaining and operating a phone network.
Basically, they are bypassing the normal route for international phone call termination to terminate international calls cheaply and making windfall profits off it.
Take for instance, a telecommunications operator in Nigeria would ordinarily charge international carriers 10cents per minute for terminating an international call in Nigeria. However, by routing the call through a SIM Boxing syndicate, the international telecommunications carrier only pays a fraction of the charge to the syndicate, say 5cents per minute and does not have to pay the full 10cents per minute charge.
The SIM Boxer will terminate this call to the called subscriber at a rate of, say N15 per minute using one of the SIM cards in their SIM Box. The SIM Boxer thus makes a killing from the differential between the rate charged to the international carrier and the rate paid to telecommunications operators whose SIM they utilise in their SIM Boxes, at the expense of our national security and income of mobile network operators and quality of our service to consumers.
Asides the revenue loss that local mobile network operators suffer courtesy the activities of these syndicates, networks face congestion around areas where the illegal call routings via SIM Boxing occurs. With the huge traffic from the boxes, callers around the area see more dropped calls, poor call quality, and slower data speeds.
The introduction of the linking of National Identity Numbers (NIN) to SIMs is one way the Federal Government has worked to tackle this criminal enterprise. With every SIM in the country being linked to an NIN, an identity is tied to the owner of each line, and regulators now have visibility of ownership. That is not all. There is also the “Max-4 Rule” where a subscriber is not allowed to have more than four lines per network operator linked to his NIN. With this rule in place, coupled with the NIN-SIM Linkage, every telephone subscriber in Nigeria would not just be accurately identifiable but limited to having only four telephone lines per subscriber.
To enforce this rule, the Nigerian Communications Commission (NCC) on the 29th of March 2024 announced the deadline for Mobile Network Operators to bar all subscribers who had five lines and above, and whose NIN failed the verification test of biometrics matching.
Over the last few weeks, sources within the NCC have confirmed cases where a single NIN was linked to over 100,000 lines.
Some NINs had well over 10,000 SIMS linked to them, others over a thousand, others had hundreds. Many have questioned the reports and asked, what would any single reasonable person be doing with these number of lines? Justifiable questions, because no sane person—who is not running a business—should own more than five SIM cards.
Given the ‘Max 4 Rule’ in place and the NIN-SIM Linkage Policy, SIM Boxers have been boxed into a corner.
The applications they use require tens to thousands of SIM Cards, and the imperative to stay anonymous. If these policies are well and fully implemented, this is the death knell for SIM Boxing merchants.
But the regulator, NCC needs to be fast and ready for the battle ahead. SIM Boxing is a billion-dollar criminal enterprise. They are not going to go down without a fight. It is like taking a bone being chewed from the mouth of a bulldog.
Already, the battle seems to have kicked off. A lawyer, Barrister Olukoya Ogunbeje has recently taken the Federal Government, NCC and Mobile Network Operators to court, claiming that the barring of SIMs not linked to NINs goes against his fundamental human rights, and has cost him the loss of business opportunities.
Anyone who has Nigeria’s interest at heart ordinarily supports this policy. It then does not add up seeing a so-called activist lawyer take up such a matter that is clearly against the public interest—unless this is the Haka cry of SIM Boxers.
A most interesting observation with his case is that it is not even a class action, but individually driven. It begs the question then, who is funding Barr. Olukoya Ogungbeje? What is his interest in fighting this policy that puts paid to the business of a criminal enterprise? Is he funded by interests in the SIM Boxing world? Time would tell. But in the meantime, NCC must go head on without fear or intimation and clean the Augean stable of SIM ownership in Nigeria.
Suleiman Bala Bakori is a researcher, and writes from the FCT.
TechNews
inq.Digital Supports Payments Forum Nigeria [PAFON 1.0]
Inq. Digital Nigeria Limited has been announced as a sponsor of Payments Forum Nigeria [PAFON 1.0] maiden edition holding this Thursday in Lagos.
inq. Digital Nigeria Limited, a subsidiary of inq. Group is an emerging leading digital and cloud solutions provider that delivers simpler seamless solutions to complex business challenges.
With offices in Lagos, Abuja, Port Harcourt and Kano, inq. provides reliable and affordable Intelligent Connectivity, SDN/NFV, Cloud and Digital services (including Edge –AI) for Nigerian businesses including those in the payment space.
Participation is FREE, however, pre-registration is required: https://bit.ly/4c4N19H.
Speaking ahead of Payments Forum Nigeria [PAFON 1,0] scheduled to take place at Oriental Hotel, Lekki Road, Lagos on Thursday, March 21, 2024 by 9am under the theme: “Payments: Trust, Security and Privacy in AI Era”, Mr. Chike Onwuegbuchi, the co-founder of TechCastle Foundation, the organisers, said the goal is to enable information exchange and knowledge sharing on key industry insights issues amongst key stakeholders, with the objective of ensuring a collaborative and proactive approach to push for policies that enable growth, tackling/mitigating fraud and limiting occurrences and losses.
Speakers
The following speakers are lined up for the Forum: Chibuzo Efobi, Director, Payments System Management, Central Bank of Nigeria (CBN); Festus Amede, Chairman, Committee of Chief Information Security Officers of Nigerian Financial institutions (CCISONFI; Dr. Adewale Peter Obadare, Chief Visionary Officer (CVO), Digital Encode Limited; Adetokunbo Omotosho, Chief Executive Officer, Cybervergent; Roosevelt Elias, Founder, Payble; Ikenna Ndugbu, chief compliance officer, Moniepoint MFB, and Peter Evbota, Sales Director at inq. Digital Nigeria Limited.
Payments Forum Nigeria is organised by TechCastle Foundation and sponsored by: inq. Digital Nigeria Limited, Cybervergent, Moniepoint, Digital Encode Limited, Payble with support from the Central Bank of Nigeria (CBN).
-
Spotlight3 days ago
Concerned citizens appeal to Gov Sanwo-Olu, Dangote Foundation, Banks, MTN Foundation, NNPC, others to assist journalist for brain surgery
-
Politics3 days ago
President Tinubu Restructures Media and Communications Team
-
GRPolitics3 days ago
With Commitment, Resilience We’ll Defeat Banditry and Terrorism – Badaru
-
Travel2 days ago
Defence Minister in S’Arabia to Discuss Counter-Terrorism
-
Energy14 hours ago
Boost for Nigeria’s Oil Production, As NNPC’s Utapate Crude Grade Hits Global Oil Market
-
News8 hours ago
Badaru on Operational Tour of 82 Division, other Military Installations in Enugu and Imo States