How to handle the threats in 2023 – Interview with Prof. Lothar Fritsch in Kode24

Several cybersecurity experts have told Kode24.no what the most important IT security threats in 2023 are, and how programmers and companies can prepare for them. Lothar Fritsch, professor of applied information security at OsloMet, recommends:

  • Know MITRE ATT&CK and the Cyber Kill Chain
  • Run a search for your own company on Shodan.io – and understand how criminals use the search engine
  • Run a practical attempt at restoring core business operations from existing backups
  • Test how long the company survives a power outage
  • Plan and test routines for prolonged communication outages on submarine cables to cloud providers, on fibre and mobile networks.
  • Prepare a plan B for the loss or compromise of important subcontractors, such as payment services, digital ID and cloud APIs.

Malware uses AI to attack and spread

Today at the 2022 symposium of the Norwegian AI Society, Lothar Fritsch, Aws Jaber Naser and Anis Yazidi presented their article “An overview of artificial intelligence used in malware”. In this survey, they found that malware increasingly deploys AI techniques in order to spread and attack more efficiently.

We found that AI has already been demonstrated in the following adversarial use cases:

  • Direct sabotage of defending AI or ML algorithms;
  • Detection evasion through intelligent code perturbation techniques;
  • Detection evasion through learning of traffic patterns when scanning systems, communication or connection to command and control infrastructures;
  • Black-box-techniques bypassing intrusion detection using generative networks and unsupervised learning;
  • Direct attacks predicting passwords and PIN codes;
  • Automatic interpretation of user interfaces for application control;
  • Self-learning system behavior for undetected automated cyber-physical sabotage;
  • Botnet coordination with swarm intelligence, removing the need for command and control servers;
  • Sandbox detection and evasion with neural networks;
  • Hiding malware within images or neural networks.

We conclude that AI is an emerging risk in cybersecurity, as:

  • AI deployment in malware is abundant in prototypes and demonstrators;
  • AI is already used in some malware;
  • High potential for automation and autonomy in malware through AI – may deprive information security defenders of defenses such as re-direction of command and control servers;
  • AI-enhanced malware is a serious emerging risk for information security.

VG: Online trolling in cyber conflict

The newspaper VG has written about organized, state-run and politically motivated trolling online and in social media, with a focus on the current war between Russia and Ukraine. The article sheds light on the role of journalists, explains organized troll campaigns, and summarizes how to recognize troll activity in an interview with OsloMET’s professor of information security, Lothar Fritsch:

He exposed the “troll factories”: “The journalists are criminals” – VG

VG on online trolling

Public seminar: Privacy Is Hard and Seven Other Myths

Invitation to public Nordstar security seminar @OsloMET:
Jaap-Henk Hoepman: Privacy Is Hard and Seven Other Myths

Date: May 9th, 2022, 14:00-15:30, OsloMET, Pilestredet 35, building P35, room PI447

Abstract:

In this talk Jaap-Henk Hoepman will discuss some of the myths surrounding privacy (like “I have nothing to hide” and “We are not collecting personal data” or “You have zero privacy anyway. Get over it.”). All to show that technological developments have had a tremendous impact on our privacy, but also can be used to protect our privacy. He will talk about the legal protection of privacy through the General Data Protection Regulation (GDPR) and discuss how relying on purely legal measures is not enough. The systems themselves should be designed in a privacy friendly manner, through privacy by design. He will explain the privacy by design philosophy, and make it concrete by describing eight privacy design strategies.

Speaker biography: Jaap-Henk Hoepman is Associate professor, Dept. of Computer Science, Radboud University, Nijmegen, The Netherlands; Associate professor, IT Law, Faculty of Law, University of Groningen, The Netherlands; and currently a guest professor with PRISEC – Privacy And Security, Karlstad University, Sweden.

His research interests focus on privacy by design, and privacy-friendly protocols for identity management and the Internet of Things. He published the textbook “Privacy Is Hard and Seven Other Myths: Achieving Privacy through Careful Design”.

Contact: http://www.cs.ru.nl/~jhh/about.html

Location: Oslo Metropolitan University (OsloMET), Oslo, Campus Pilestredet, Pilestredet 35, Building P35, Lecture hall PI447 (Entrance from Holbergs gate, use elevator next to the multi-floor indoor climbing wall in P35 entrance hall, turn right when exiting elevator on 4th floor.)
Closest stop for public transport: Tram stop Holbergs plass.

This talk is presented jointly with Professor Audun Jøsang’s AF Security seminar series at the University of Oslo.

Nordstar security seminar series

In the Nordstar security activity, OsloMET’s researchers investigate issues of security, privacy and trust in artificial intelligence. The seminar series presents scientific speakers who throughout 2022 will talk about topics related to federated learning, information privacy and artificial intelligence.

Nordic Centre for Sustainable and Trustworthy Artificial Intelligence Research (NordSTAR) is a Centre of Research Excellence in modern Artificial Intelligence (AI). The centre aims to establish a new paradigm in AI basic research, so-called sustainable and trustworthy AI. The main goal of NordSTAR is to develop AI tools which embed all key aspects related to trustworthiness and sustainability. To do this the centre has established five research areas: Security, safety and reliability, Human factors in AI, and Quantum AI.

The centre is led by Pedro Lind and Anis Yazidi. It is part of the OsloMet AI Lab and Applied Artificial Intelligence.  The security seminar series is organized by Lothar Fritsch and Hårek Haugerud.

Security tips during the cyber war

Interview with Lothar Fritsch at OsloMET.no

OsloMET has interviewed Prof. Lothar Fritsch about international conflicts in which cyberattacks are used. The conversation covers the risk of being exposed to attacks, misuse of private equipment as part of botnets, and personal security measures against becoming a victim of such activities.

Media interview in Shifter: Netflix, Spotify, Twitter and Google leave Russia. Kahoot stays.

Internet and social media companies terminate their services in Russia. Startup magazine Shifter interviewed OsloMET’s Professor for Applied Information Security, Lothar Fritsch, about the implications of leaving or staying in a sanctioned market, and about Russians’ use of VPN technologies to secure access to blocked Internet services. The article is published in Norwegian at Shifter.