February 27, 2023
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | BU Soft Tech | itTrident | Former Sr. VP & CTO of MF Utilities
Google has come out with a Chrome extension called GPT for Sheets, which allows users to manipulate data with conversational language; Microsoft says it will integrate ChatGPT into all of its products, with Bing first. Microsoft recently invested $10 billion in OpenAI, the creators of ChatGPT. But as exciting (and sometimes disappointing) as ChatGPT applications may be, there’s a much more mundane—and promising—approach to machine learning that’s already available. ... This is the technical process of converting data from one format, standard, or structure to another, without changing the content of the data sets, in order to prepare it for consumption by a machine learning model. Data prep is the equivalent of janitorial work, albeit incredibly important work. Transformation increases the efficiency of business and analytic processes, and it enables businesses to make better data-driven decisions. But it’s difficult and time-consuming unless the user is familiar with Python or the popular query language SQL.
SOCs already make use of automation as much as possible, as they need to deal with telemetry, but automation for digital forensics is different, as it mostly needs data processing by orchestrating, performing and monitoring forensic workflows. Half of DFIR professionals indicate that investments in automation would be greatly valuable for a range of DFIR functions, as workflows still rely too much upon the manual execution of many repetitive tasks. More than 20% of the survey respondents indicated automation would be mostly valuable for the remote acquisition of target endpoints, the triage of target endpoints, and processing of digital evidence, as well as documenting, summarizing and reporting on incidents. ... A field under such rapid evolution needs informed and decisive leadership to set strategies and direct resources in an efficient way. Leaders influence the way DFIR professionals can efficiently access data sources they need, which is often difficult, as more than a third of the survey respondents indicated.
Microsoft says TCP reflected amplification attacks are becoming more prevalent and powerful, and more diverse types of reflectors and attack vectors are typically exploiting "improper TCP stack implementation in middleboxes, such as firewalls and deep packet inspection devices." In reflection attacks, attackers spoof the IP address of the target to send a request to a reflector, such as an open server or middlebox, which responds to the target, such as a virtual machine. The latest TCP reflected amplification attacks can reach "infinite amplification" in some cases. In April 2022, a reflected amplified SYN+ACK attack on an Azure resource in Asia reached 30 million packets per second and lasted 15 seconds. "Attack throughput was not very high, however there were 900 reflectors involved, each with retransmissions, resulting in high pps rate that can bring down the host and other network infrastructure," the report says.
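From the target's side, the reflected SYN+ACK pattern described above shows up as SYN+ACKs answering connections the host never opened, arriving from many reflectors that each retransmit. The following detection sketch is an added example, not code from the Microsoft report or the original article; the record layout, the threshold and the sample addresses are constructed assumptions.

```python
from collections import Counter

def summarize_unsolicited_synack(packets, local_ip, min_reflectors=3):
    """Summarize inbound SYN+ACKs that answer no SYN sent by local_ip.

    packets: time-ordered (ts, src, sport, dst, dport, flags) tuples, with
    flags such as "S" or "SA" (hypothetical record layout for this example).
    """
    opened = set()         # (remote_ip, remote_port, local_port) we sent a SYN to
    per_tuple = Counter()  # unsolicited SYN+ACK count per connection tuple
    times = []
    for ts, src, sport, dst, dport, flags in packets:
        if src == local_ip and flags == "S":
            opened.add((dst, dport, sport))
        elif dst == local_ip and flags == "SA":
            key = (src, sport, dport)
            if key not in opened:          # no handshake of ours matches
                per_tuple[key] += 1
                times.append(ts)
    total = sum(per_tuple.values())
    reflectors = {key[0] for key in per_tuple}
    duration = times[-1] - times[0] if len(times) > 1 else 0.0
    return {
        "reflectors": len(reflectors),
        "unsolicited": total,
        # repeats of the same tuple are the reflectors' retransmissions
        "retransmissions": total - len(per_tuple),
        "pps": total / duration if duration > 0 else float(total),
        "suspected_reflection": len(reflectors) >= min_reflectors,
    }

# Constructed sample capture at the protected host (documentation addresses).
HOST = "10.0.0.5"
SAMPLE = [
    (0.00, HOST, 40000, "198.51.100.7", 443, "S"),   # legitimate outbound SYN
    (0.02, "198.51.100.7", 443, HOST, 40000, "SA"),  # its expected reply
    (1.00, "203.0.113.10", 80, HOST, 5555, "SA"),    # unsolicited from here on
    (1.10, "203.0.113.11", 80, HOST, 5555, "SA"),
    (1.20, "203.0.113.12", 80, HOST, 5555, "SA"),
    (2.00, "203.0.113.10", 80, HOST, 5555, "SA"),    # retransmission
    (2.10, "203.0.113.11", 80, HOST, 5555, "SA"),    # retransmission
    (3.00, "203.0.113.10", 80, HOST, 5555, "SA"),    # retransmission
]

if __name__ == "__main__":
    print(summarize_unsolicited_synack(SAMPLE, HOST))
```

Because the packet rate, not the byte volume, is what overwhelms the host in the incident quoted above, the summary reports packets per second and retransmissions rather than throughput.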
"The first thing that happens when you go into a down economic cycle is: Everybody goes on defense," Ackerman says. "They rationalize the platform, make sure it's stable and right-size for the market. Once that foundation is established, then they go on offense. I think you're going to see an acceleration of M&A activity by the big guys as they get through this consolidation and rationalization process." DeWalt expects industrial control systems and OT security to get lots of attention from the investment community in 2023 given the technology's lack of penetration and volume of attacks against industrial, non-IT networks. Network and infrastructure security had the fifth-highest level of M&A and financing activity in 2022, including a $125 million Series C funding round for critical infrastructure firm Fortress. DeWalt says the Russia-Ukraine war has led to increased attention on data management as data wipers, data poisoning and the poisoning of AI algorithms become ways to foment misinformation and disinformation.
Script kiddies in particular have been asking if ChatGPT might help them build better malware for free. Results have been extremely mixed. "Right now, I think it's a novelty," says John Kindervag, creator of zero trust and senior vice president of cybersecurity strategy at ON2IT Group. But as AI gets better, he says, "probably it will allow the attackers to craft more sophisticated attacks, and it will toast everybody who is not paying attention." So far, at least, the fervor over AI chatbots being used to build a better cybercrime mousetrap is claptrap, says security researcher Marcus Hutchins, aka MalwareTech. ... Criminals needn't bother to use AI chatbots, which are trained on publicly available code. Instead, they can go to the source. "If someone with zero coding ability wants malware, there are thousands of ready-to-go examples available on Google" and GitHub, Hutchins says. Another rising concern is that criminals will use AI chatbots to craft better phishing email lures, especially outside their native language.
Synchronous microservice limitations can be overcome through asynchronous interaction, event-driven architecture, and event-enabling traditional microservices, taking advantage of the constant flow of business and technical events by acting on them promptly. As awareness of the importance of events and event-driven architecture (EDA) grows, architects and developers are exploring ways to integrate events into microservices. However, successful adoption of EDA also requires a change in mindset and approach from business stakeholders, product owners, and architects. This shift involves moving from a data-centric approach to one that uses events to drive business decisions and logic. Full event-native adoption is necessary to fully leverage the benefits of events throughout the various stages of the business. Modern APIs are predominantly based on microservices, but events and event-driven architecture (EDA) are becoming increasingly important. The future of APIs lies in combining the strengths of APIs and EDA to create Event-Driven-APIs.