Connect with us

TECHNOLOGY

Evolution of cybercriminals’ attacks on cloud native environments revealed

Published

on

A graphic of a padlock.


Attackers are finding new ways to target cloud native environments, according to Nautilus, the threat research team of cloud native security provider, Aqua Security.

The team’s latest research shows that adversaries are adopting more sophisticated techniques, leveraging multiple attack components, and shifting attention to Kubernetes and the software supply chain. The “2022 Cloud Native Threat Report: Tracking Software Supply Chain and Kubernetes Attacks and Techniques” provides insight on trends and key takeaways for practitioners about the cloud native threat landscape.

The study revealed that adversaries are engaging with new tactics, techniques and procedures (TTPs) to specifically target cloud native environments. While cryptominers were the most common malware observed, with increasing frequency, Team Nautilus discovered an increased usage of backdoors, rootkits, and credential stealers — signs that intruders have more than cryptomining in their plans. Backdoors, which permit a threat actor to access a system remotely and are used to establish persistence in the compromised environment, were encountered in 54% of attacks (up 9% compared with in 2020). Additionally, half of the malicious container images (51%) analyzed by researchers contained worms, which allow attackers to increase the scope of their attack with minimal effort (up 10% compared with 2020).

Notably, threat actors also broadened their targets to include CI/CD and Kubernetes environments. In 2021, 19% of the malicious container images analyzed targeted Kubernetes, including kubelets and API servers, up 9% compared with the previous year.

Assaf Morag, Threat Intelligence and Data Analyst Lead, Aqua’s Team Nautilus, said: “These findings underscore the reality that cloud native environments now represent a target for attackers, and that the techniques are always evolving.

“The broad attack surface of a Kubernetes cluster is attractive for threat actors, and then once they are in, they are looking for low-hanging fruit.”

Other key findings:

The proportion and variety of observed attacks targeting Kubernetes has increased, and this includes a wider adoption of the weaponization of Kubernetes UI tools.
– Supply chain attacks represent 14.3% of the particular sample of images from public image libraries, showing that these attacks continue to be an effective method of attacking cloud native environments.
– The Log4j zero-day vulnerability was immediately exploited in the wild. Team Nautilus detected multiple malicious techniques, including known malware, fileless execution, reverse shell executions, and files that were downloaded and executed from memory – all emphasizing the need for runtime protection
– Researchers observed honeypot attacks by TeamTNT after the group announced its retirement in December 2021. However, no new tactics have been in use, so it is unclear if the group is still in operation or if the ongoing attacks originated from automated attack infrastructure. Regardless, enterprise teams should continue preventative measures against these threats.

Aqua’s Team Nautilus made extensive use of honeypots to investigate attacks in the wild, and to investigate supply-chain attacks against cloud native applications, the team examined images and packages from public registries and repositories, such as DockerHub, NPM and Python Package Index. Team Nautilus utilised Aqua’s Dynamic Threat Analysis (DTA) product to analyse each attack. Aqua DTA is the industry’s first container sandbox solution that dynamically assesses container image behaviours to determine whether they harbour hidden malware. This enables organizations to identify and mitigate attacks that static malware scanners cannot detect.

“The key takeaway from this report is that attackers are highly active — more than ever before — and more frequently targeting vulnerabilities in applications, open source and cloud technology,” said Morag. “Security practitioners, developers and devops teams must seek out security solutions that are purpose-built for cloud native. Implementing proactive and preventative security measures will allow for stronger security and ultimately protect environments.”

To ensure cloud environments are secure, Aqua’s Team Nautilus recommends implementing runtime security measures, a layered approach to Kubernetes security, and scanning in development.

Tags: ,



Source link

TECHNOLOGY

How Sports Organizations Are Using AR, VR and AI to Bring Fans to The Game

Published

on

How Sports Organizations Are Using AR, VR and AI to Bring Fans to The Game

AR, VR, and AI in sports are changing how fans experience and engage with their favorite games.

That’s why various organizations in the sports industry are leveraging these technologies to provide more personalized and immersive digital experiences.

How do you get a sports fan’s attention when there are so many other entertainment options? By using emerging technologies to create unforgettable experiences for them! Innovative organizations in the sports industry are integrating AR, VR and AI in sports marketing and fan engagement strategies. Read on to discover how these innovative technologies are being leveraged to enhance the game-day experience for sports fans.  

Innovativ_Tech_to_Enhance_Sports.png

AUGMENTED REALITY IN SPORTS

AR is computer-generated imagery (CGI) that superimposes digitally created visuals onto real-world environments. Common examples of AR include heads-up displays in cars, navigation apps and weather forecasts. AR has been around for decades, but only recently has it become widely available to consumers through mobile devices. One of the best ways sports organizations can use AR is to bring historical moments to life. This can help fans connect to the past in new ways, increase brand affinity and encourage them to visit stadiums to see these experiences in person. INDE has done just that, creating an augmented reality experience that lets fans meet their favorite players at the NFL Draft.

VIRTUAL REALITY IN SPORTS

VR is a computer-generated simulation of an artificial environment that lets you interact with that environment. You experience VR by wearing a headset that transports you to a computer-generated environment and lets you see, hear, smell, taste, and touch it as if you were actually there. VR can be especially impactful for sports because it lets fans experience something they would normally not be able to do. Fans can feel what it’s like to be a quarterback on the field, a skier in a race, a trapeze artist, or any other scenario they’d like. The VR experience is fully immersive, and the user is able to interact with the content using hand-held controllers. This enables users to move around and explore their virtual environment as if they were actually present in it.

ARTIFICIAL INTELLIGENCE IN SPORTS

Artificial intelligence is machine intelligence implemented in software or hardware and designed to complete tasks that humans usually do. AI tools can manage large amounts of data, identify patterns and make predictions based on that data. AI is already influencing all aspects of sports, from fan experience to talent management. Organizations are using AI to power better digital experiences for fans. They’re also using it to collect and analyze data about fan behavior and preferences, which helps organizers better understand what their customers want. AI is also changing the game on the field, with organizations using it to make better decisions in real time, improve training and manage player health. Much of this AI is powered by machine learning, which is a type of AI that uses data to train computer systems to learn without being programmed. Machine learning is the reason why AI is able to evolve and get better over time — it allows AI systems to adjust and improve based on new data.

MERGING THE REAL AND VIRTUAL

VR and AR are both incredible technologies that offer unique benefits. VR, for example, is an immersive experience that allows you to fully imagine and explore another virtual space. AR, on the other hand, is a technology that allows you to see and interact with the real world while also being able to see digital content superimposed on top of it. VR and AR are both rapidly evolving and can have a significant impact on sports marketing. By using both technologies, brands and sporting organizations can create experiences that bridge the real and virtual. This can help sports marketers create more engaging experiences that truly immerse their customers in the game.

Technologies like AR, VR and AI in sports are making it possible for fans to enjoy their favorite games in entirely new ways. AR, for example, can help sports lovers experience historical moments, VR lets them immerse themselves in the game, and AI brings them more personalized and immersive digital experiences. The best part is that sports fans can also use these technologies to interact with one another and feel even more connected. 

Source link

Continue Reading

TECHNOLOGY

The Dark Side of Wearable Technology

Published

on

The Dark Side of Wearable Technology

Wearable technology, such as smartwatches, fitness trackers, and other devices, has become increasingly popular in recent years.

These devices can provide a wealth of information about our health and activity levels, and can even help us stay connected with our loved ones. However, there is also a dark side to wearable technology, including issues related to privacy, security, and addiction. In this article, we will explore some of the darker aspects of wearable technology and the potential risks associated with these devices.

1. Privacy Concerns

Privacy_Concerns_of_Fitness_Trackers.jpg

 

Source: Deloitte

Wearable technology can collect and transmit a significant amount of personal data, including location, health information, and more. This data is often shared with third parties, such as app developers and advertisers, and can be used to track and target users with personalized advertising. Additionally, many wearable devices lack robust security measures, making them vulnerable to hacking and data breaches. This can put users’ personal information at risk and expose them to identity theft and other cybercrimes.

2. Security Risks

Security_Risks_of_Wearable_Tech.jpg

Source: MDPI

Wearable technology can also pose security risks, both to the individual user and to organizations. For example, hackers can use wearable devices to gain access to sensitive information, such as financial data or personal contacts, and use this information for malicious purposes. Additionally, wearable technology can be used to gain unauthorized access to secure areas, such as buildings or computer systems, which can be a major concern for organizations and governments.

3. Addiction Issues

Addiction_Issues_of_Wearable_Tech.jpg

Source: Very Well Mind

The constant connectivity and access to information provided by wearable technology can also lead to addiction. The constant notifications and the ability to check social media, emails and other apps can create a constant need to check the device, leading to addiction-like symptoms such as anxiety, insomnia and depression.

4. Health Risks

Health_Risks.jpg

Source: RSSB 

Wearable technology can also pose health risks, such as skin irritation and allergic reactions caused by the materials used in the device. Additionally, the constant use of wearable technology can lead to poor posture and repetitive stress injuries, such as carpal tunnel syndrome. It is important for users to be aware of these risks and to take steps to protect their health, such as taking regular breaks from using the device and practicing good ergonomics.

Conclusion

Wearable technology has the potential to be a powerful tool for improving our health, fitness, and overall well-being. However, it is important to be aware of the darker aspects of wearable technology and the potential risks associated with these devices. By understanding the privacy, security, addiction, and health risks associated with wearable technology, users can take steps to protect themselves and their personal information. Additionally, by being aware of these risks, organizations can take steps to protect their employees and customers from the potential negative effects of wearable technology.

Source link

Continue Reading

TECHNOLOGY

Data Science & Machine Learning Trends You Cannot Ignore

Published

on

Data Science & Machine Learning Trends You Cannot Ignore

Digital transformation has become the new mantra for companies to thrive in the digital age.

Data science and machine learning are two major assets in the digital transformation era.

Digital transformation has become a necessity for businesses. It is the way forward for all businesses, regardless of size and scope. However, it should be more than simply digitizing your processes. Digital transformation should be about re-imagining your business processes with cutting-edge technology and artificial intelligence like data science and machine learning. This would help eliminate manual labor and accelerate growth with collaborative technologies like chatbots, virtual assistance and augmented reality, while having a seamless user experience across all channels – online, mobile app and website – with the help of an integrated CMS that can adapt to any screen size.

DATA_SCIENCE_AND_MACHINE_LEARNING_TRENDS_YOU_CANNOT_IGNORE.png

With the above thoughts in mind, let’s look at four new DSML trends you cannot ignore.

Intelligent Automation

Most digital transformation initiatives focus on creating a digital front-end, with a strong focus on customer-facing channels. While that’s obviously important, a lot of organizations forget about the back-end and the data that’s being used by their systems. This is a mistake, as intelligent automation can help bridge the gap between the front-end and the back-end systems and processes. It’s a key element that can help organizations curate data, which is then used to enrich customer experiences and create personalized marketing campaigns, among many other things. An integrated CMS with an intelligent automation system can automatically pull customer data into content, provide real-time insights about customers and their behavior, and suggest personalized content for different channels.

Augmented Reality

Augmented reality lets you digitize your business processes by visualizing information. It can help you create exciting customer experiences by enabling them to see and interact with information in their physical environment. This technology has been used for gaming and entertainment for a long time, but now businesses are leveraging it for digital transformation. With augmented reality, you can create interactive product catalogues, digital manuals and helpful visual guides to engage customers and employees.

Chatbots and Voice Recognition

Digital transformation is about more than just creating engaging customer experiences; it’s also about making sure that those experiences are accessible on any platform. Coupled with voice recognition, chatbots can be used across all customer channels, including websites and apps, to provide information, schedule appointments, and answer basic questions. A key element of digital transformation is making your business accessible to customers no matter where they are or what device they’re using.

Unified Experience Across Devices

A unified experience across devices ensures that customers experience the same content and functionality regardless of what platform they’re using. For example, let’s say a customer wants to learn more about your product. With a unified experience across devices, the customer would be able to access information about the product from their computer or mobile device. This way, if a customer is on the go and has limited screen real estate, they can still access the information they need.

 

A digital transformation is necessary for businesses to grow and thrive. However, it takes more than just digitizing processes. With the help of data science and machine learning, organizations can reimagine how they work with new technology and tools. Thereby, they can create an integrated experience across devices and channels, with a seamless flow for customers and employees.

Source link

Continue Reading

Trending

en_USEnglish