I’ve spent much of my career in and around security, and if there were ever a time not to be in the security business, this would be it.
The cause for this is not because the business isn’t still potentially lucrative but because the threats appear to be increasing at an alarming rate. This escalation is particularly noticeable with the advent of AI and understaffed security departments.
According to HP, we lack the 3.5 million, yes, that’s million, security professionals we need to address current threats, let alone the impending AI-created threats.
Let’s talk about security this week in the context of HP’s Quarterly Security Report, what HP is doing to step up to the problem, and we’ll close with what may be my new favorite phone: the Motorola 2023 Razr foldable phone, which is kind of a blend of the future and the past.
Pirating content is a cheap way to get music, TV, and movies you’d otherwise have to pay for. It is a bad idea because not only could you be charged up to $10,000 for each piece you get caught pirating, but some of that content could contain malware that could infect or destroy your PC or infect or destroy your company.
Well, the situation just worsened.
Users have been attempting to download an application called Shampoo that bypasses the Chrome Web Store. As it’s one of many unvetted apps for Android, Shampoo can infect users’ PCs, causing them to run malicious VBScript. This action then triggers a series of scripts that download the browser extension. The extension then loads into a new browser session and sets up persistence mechanisms that make removing it almost impossible.
Initially, this malicious app, which is part of the ChromeLoader family known for injecting malware, uses a complex injection chain that funds those sent out by redirecting search inquiries and injecting ads. Users will notice their PCs are acting differently, but if they remove the app, it will just reinstall itself when they reboot, making it very difficult to get rid of the thing.
Back to pirating.
This application is specifically targeting users who have been actively searching for pirated content, particularly games. The fact that the folks behind these attacks are explicitly targeting pirates suggests that there may be reporting aspects of this app that may not have been triggered yet or other painfully punitive elements that haven’t yet become visible.
The best defense against this is not to pirate and certainly to stop any side-loading (bypassing the Google Store) because this isn’t the only hostile app out there, and things are about to become far less safe as a result.
Microsoft tightened the security around Office substantially, but threat actors have already begun to work around these restrictions.
For instance, last March, attackers gained access to Microsoft 365 credentials of employees. They used these credentials to log into the employees’ online Outlook accounts. Next, they set up a new email address and used it to masquerade as the target organization’s finance department. Then, they emailed employees malicious Word documents. The employees, believing the documents were from their employer’s finance department, opened them.
Since the emails seem to originate from within the company, bearing the label of the finance department, recipients view them as trustworthy. Thus, the internal macros in the documents are not disabled as they normally would be for an externally sourced email. In this instance, the downloaded malware is FormBook, an information-stealing application sold on a few hacking forums.
Currently, email is at 80%, with browser downloads at 13% and others at 7%. Certain kinds of malware are increasing dramatically, with gzip (a common data compression application) archive malware up 53% and HTML threats in general up 37%. According to the HP report, document threats containing exploits are up 85%, and compression tool-connected exploits are up 6%.
However, this is all before the wave of AI-generated threats, which are not included in the report and are also increasing rapidly.
For example, reports of people getting faked phone calls from loved ones in distress have increased. Unlike prior scams, the callers have sampled the person’s voice they claim was kidnapped so that the screams and pleading coming over the phone sound just like the relative you want to protect. An example of one of the attacks was reported to Congress.
This alarming trend suggests we should all have a verification code that we can use to determine if the person on the other end of the phone is who they say they are when such a call comes in and to approach these calls with a great deal of skepticism. Another analyst got a call like this seemingly from his wife, saying she was being held for ransom while she was just out shopping. Even though he didn’t fall for it, the call shook him up badly.
In this Wharton School video, you can get a sense of the breadth of things that AI can do currently — from writing complete apps for you even if you can’t code to creating credible deepfake videos to scam others with minimal effort.
It’s important to note that the tools the speaker used are mostly not even current, let alone capable of what they will be able to do in a few short months.
HP has missioned its Wolf Security unit to tackle a wide range of these threats, although AI-based threats seem to remain outside its scope for now. However, HP’s business-focused products and security services, which span small businesses to enterprises, have largely mitigated the threats identified in its report.
HP has a unique security controller and special protections, which secure the PC during booting. If the PC becomes compromised, it can recover it reliably. In case of theft or before transferring the PC to someone else, it can wirelessly remove the data.
Out of the 125 million devices equipped with HP’s advanced security solution, not a single one has been breached. Although no system can guarantee absolute security, HP’s designs offer protection far exceeding their competitors, significantly increasing the likelihood that an attacker would abandon their efforts in favor of a less secure target.
In the early 2000s, HP was also the first to highlight to me the risk of quantum technology against existing encrypted files, and it has been working on a fix for this longer than any other PC vendor. With a combination of unique hardware, software, and a stand-alone security entity called Wolf Security, HP stands alone when it comes to PC security right now.
The surge of security threats is escalating at an unprecedented rate, a trend likely to be amplified by the upcoming wave of AI-created threats that are already drawing significant attention at the congressional level.
HP’s investment in Wolf Security now appears prophetic as it not only anticipated this problem but also ramped up its capabilities to address the threats present in today’s market and those predicted to arise in the future. Still, the emergence of generative AI threats could potentially overwhelm everyone in the sector.
AI threats will likely require an AI response, and the folks at HP are also working on that. Let’s hope they complete it before the impending AI malware apocalypse.
The original Motorola Razr phone was a massive hit. Anyone that was someone had one. It was the iPhone of its age, and younger buyers have been flocking to that form factor in a retro trend recently, but you give up most of the smartphone features to get what is arguably a far better device for TikTok videos.
The Motorola Razr+ foldable phone, which costs substantially more, provides the benefits of portability and ergonomic design that makes it easier to hold, with the capability of a complete smartphone. It costs $999.99, a sharp decline from the last model, and comes in three colors: Infinite Black, Viva Magenta, and Glacier Blue. The Razr+ has 256GB of internal storage, and you can buy it unlocked from Motorola, giving you flexibility between cell phone carriers.
Razr+ foldable phone in Glacier Blue (Image Credit: Motorola)
Battery life at 14 hours is significantly higher than the prior model as well. However, you have to be more careful with this phone because its water resistance is more limited than the older model, and foldable screens tend to be more vulnerable to dust. Performance is good though it does use a down-speed Qualcomm processor to get to this price point. Like most foldable screen phones, it does tend to draw attention when you use it.
It appears particularly well-designed for selfies and TikTok videos, given its external display over the camera lenses, and it is nearly as useful while folded as it is when unfolded. Motorola (a Lenovo division) clearly has paid close attention to how millennials use flip phones. Thanks to its design, you can even prop the phone up in a tent-like position for video viewing on the smaller screen.
The Razr+ has a whopping 6.9-inch display when unfolded, complemented by Atmos sound and decent performance. I really like this phone, so it is my Product of the Week. It comes to market this week on June 29.
Rob Enderle has been an ECT News Network columnist since 2003. His areas of interest include AI, autonomous driving, drones, personal technology, emerging technology, regulation, litigation, M&E, and technology in politics. He has an MBA in human resources, marketing and computer science. He is also a certified management accountant. Enderle currently is president and principal analyst of the Enderle Group, a consultancy that serves the technology industry. He formerly served as a senior research fellow at Giga Information Group and Forrester. Email Rob.
Please sign in to post or reply to a comment. New users create a free account.
Common groups or interests
Industry relevance and experience
Inviter’s profile completeness and credibility
Personalized message in the invite
Size of their network and mutual connections
One More Thing…Apple Unveils Vision Pro Mixed-Reality Headset at WWDC23
Will Apple’s Vision Pro Dent the Universe?
Qualcomm’s Gen AI: A Unique Opportunity Beyond Innovation
Apple Vision Pro: Gateway to a New Computing Future
AI ‘Hallucinations’ Can Become an Enterprise Security Nightmare
Personal Data Harvesting and How To Reduce Your Digital Footprint
Tech Talent Trend: Hiring Eased, Upskilling in Limelight
This Gen AI for CRM Boasts ‘Like Having 1,000 Employees’
The Future of AI in Retail: Beyond the ChatGPT Hype
EdTech Developer’s Study Game Approach Aces Med School Testing Curve
DOJ, Five Eyes Nations Unite To Dismantle Russian Cyber-Espionage Network
New HP and Sonos Devices Accentuate the Ultimate Home Office Workstation
Digital Health Care Flourishing Despite Legal, Logistical Hurdles
Telly Offers Half-Million Free 55-Inch 4K TVs, Advertisers To Pick Up Tab
Leverage the Power of Data To Monitor Home Energy Efficiency
Unresolved Conflicts Slow eSIM Upgrade Path to Better IoT Security
Selecting the Right SBOM for Your Enterprise
RSA Conference Rebounds as Business Risks Soar
Mobile Shopping Apps Linked to Digital Wallets: A Loyalty-Driving Duo
Windows 11 AI Integration Signals New Era for User Experiences
Researchers Instantly Crack Simple Passwords With AI
Poly Voyager 60 Series Earbuds Provide a Premium Audio Experience
Is ChatGPT Smart Enough To Practice Mental Health Therapy?
Google Invites Public To Test Drive Its AI Chatbot Bard
Are Mainframes an Indicator of Banking Reliability?
2024 and How the Coming CPU War Is Likely To Play Out
Social Media Fueled the Run on Silicon Valley Bank: Study
DARPA Moves Forward With Project To Revolutionize Satellite Communication
‘Women Don’t Play’ Confronts Gender Disparity in the Tech Industry
FBI Issues Warning About ‘Juice Jacking’ at Public USB Charging Stations
Study Finds AI Threatening Many Women’s Jobs
The Importance of Microsoft’s 5-Point Blueprint for Public Governance of AI
Study Finds EV Battery Replacement Rare, Most Covered by Warranty
Gen AI and AR/VR: Unintended Consequences, Unproven Mainstream Appeal
HP Affirms ‘Better Together’ at Its Amplify Event
Female Army Veteran Uses Tech To Help Create a Better Future
Copyright 1998-2023 ECT News Network, Inc. All Rights Reserved.
Enter your Username and Password to sign in.