DKIM, SPF, DMARC demystified

What all the stuff in email headers means—and how to sniff out spoofing

Parsing email headers needs care and knowledge—but it requires no special tools.

Come to think of it, maybe you shouldn't open this one at all.
Enlarge / Come to think of it, maybe you shouldn’t open this one at all.
Aurich / Thinkstock

I pretty frequently get requests for help from someone who has been impersonated—or whose child has been impersonated—via email. Even when you know how to „view headers“ or „view source“ in your email client, the spew of diagnostic wharrgarbl can be pretty overwhelming if you don’t know what you’re looking at. Today, we’re going to step through a real-world set of (anonymized) email headers and describe the process of figuring out what’s what.

Before we get started with the actual headers, though, we’re going to take a quick detour through an overview of what the overall path of an email message looks like in the first place. (More experienced sysadmin types who already know what stuff like „MTA“ and „SPF“ stand for can skip a bit ahead to the fun part!)

From MUA to MTA, and back to MUA again

The basic components involved in sending and receiving email are the Mail User Agent and Mail Transfer Agent. In the briefest possible terms, an MUA is the program you use to read and send mail from your own personal computer (like Thunderbird, or Mail.app, or even a webmail interface like Gmail or Outlook), and MTAs are programs that accept messages from senders and route them along to their final recipients.

Traditionally, mail was sent to a mail server using the Simple Mail Transfer Protocol (SMTP) and downloaded from the server using the Post Office Protocol (abbreviated as POP3, since version 3 is the most commonly used version of the protocol). A traditional Mail User Agent—such as Mozilla Thunderbird—would need to know both protocols; it would send all of its user’s messages to the user’s mail server using SMTP, and it would download messages intended for the user from the user’s mail server using POP3.

As time went by, things got a bit more complex. IMAP largely superseded POP3 since it allowed the user to leave the actual email on the server. This meant that you could read your mail from multiple machines (perhaps a desktop PC and a laptop) and have all of the same messages, organized the same way, everywhere you might check them.

Finally, as time went by, webmail became more and more popular. If you use a website as your MUA, you don’t need to know any pesky SMTP or IMAP server settings; you just need your email address and password, and you’re ready to read.

Ultimately, any message from one human user to another follows the path of MUA ⟶ MTA(s) ⟶ MUA. The analysis of email headers involves tracing that flow and looking for any funny business.

TLS in-flight encryption

The original SMTP protocol had absolutely no thought toward security—any server was expected to accept any message, from any sender, and pass the message along to any other server it thought might know how to get to the recipient in the To: field. That was fine and dandy in email’s earliest days of trusted machines and people, but it rapidly turned into a nightmare as the Internet scaled exponentially and became more commercially valuable.

It’s still possible to send email with absolutely no thought toward encryption or authentication, but such messages will very likely get rejected along the way by anti-spam defenses. Modern email typically is encrypted in-flight, and signed and authenticated at-rest. In-flight encryption is accomplished by TLS, which helps keep the content of a message from being captured or altered in-flight from one server to another. That’s great, so far as it goes, but in-flight TLS is only applied when mail is being relayed from one MTA to another MTA along the delivery path.

If an email travels from the sender through three MTAs before reaching its recipient, any server along the way can alter the content of the message—TLS encrypts the transmission from point to point but does nothing to verify the authenticity of the content itself or the path through which it’s traveling.

SPF—the Sender Policy Framework

The owner of a domain can set a TXT record in its DNS that states what servers are allowed to send mail on behalf of that domain. For a very simple example, Ars Technica’s SPF record says that email from arstechnica.com should only come from the servers specified in Google’s SPF record. Any other source should be met with a SoftFail error; this effectively means „trust it less, but don’t necessarily yeet it into the sun based on this alone.“

SPF headers in an email can’t be completely trusted after they’re generated, because there is no encryption involved. SPF is really only useful to the servers themselves, in real time. If a server knows that it’s at the outside boundary edge of a network, it also knows that any message it receives should be coming from a server specified in the sender’s domain’s SPF record. This makes SPF a great tool for getting rid of spam quickly.

DKIM—DomainKeys Identified Mail

Similarly to SPF, DKIM is set in TXT records in a sending domain’s DNS. Unlike SPF, DKIM is an authentication technique that validates the content of the message itself.

The owner of the sending domain generates a public/private key pair and stores the public key in a TXT record on the domain’s DNS. Mail servers on the outer boundary of the domain’s infrastructure use the private DKIM key to generate a signature (properly an encrypted hash) of the entire message body, including all headers accumulated on the way out of the sender’s infrastructure. Recipients can decrypt the DKIM signature using the public DKIM key retrieved from DNS, then make sure the hash matches the entire message body, including headers, as they received it.

If the decrypted DKIM signature is a matching hash for the entire body, the message is likely to be legitimate and unaltered—at least as verified by a private key belonging only to the domain owner (the end user does not have or need this key). If the DKIM signature is invalid, you know that the message either did not originate from the purported sender’s domain or has been altered (even if only by adding extra headers) by some other server in between. Or both!

This becomes extremely useful when trying to decide whether a set of headers is legitimate or spoofed—a matching DKIM signature means that the sender’s infrastructure vouches for all headers below the signature line. (And that’s all it means, too—DKIM is merely one tool in the mail server admin’s toolbox.)

DMARC—Domain-based Message Authentication, Reporting, and Conformance

DMARC extends SPF and DKIM. It’s not particularly exciting from the perspective of someone trying to trace a possibly fraudulent email; it boils down to a simple set of instructions for mail servers about how to handle SPF and DKIM records. DMARC can be used to request that a mail server pass, quarantine, or reject a message based on the outcome of SPF and DKIM verification, but it does not add any additional checks on its own.

Werbeanzeigen

Cybersecurity is one of the fastest-growing segments of the technology industry

Source: https://www.fool.com/investing/the-10-biggest-cybersecurity-stocks.aspx

The 10 Biggest Cybersecurity Stocks

When looking to invest in this high-growth tech industry, start with the biggest names on the cybersecurity block.

Cybersecurity is one of the fastest-growing segments of the technology industry. As more people around the globe connect to the internet and hundreds of millions of devices get connected to a network every year, the need to keep all of that data secure is on the rise.

In fact, according to research firm Global Market Insights, cybersecurity is expected to go from a $120 billion-a-year endeavor in 2017 to more than $300 billion in 2024, good for an average 12% annual growth rate. It’s no wonder, then, that so many businesses are getting in on the movement. Old tech titans like Microsoft (NASDAQ:MSFT), Cisco (NASDAQ:CSCO), and Oracle (NYSE:ORCL) all offer cybersecurity as part of their service suites. Other names are investing in the action, too. Old smartphone maker BlackBerry (NYSE:BB), for example, bought small cybersecurity outfit Cylance in early 2019 to further its transformation as a software company.

A silhouette of a person filled in with digital data, signifying artificial intelligence.

Image source: Getty Images.

As the world goes digital, managing new digital-first business operations and keeping information safe and secure will continue to evolve and grow in importance. For those wanting to invest in the cybersecurity industry, researching the biggest names in the business is a good place to get started (after brushing up on the basics here). Here are the 10 largest companies that make cybersecurity their primary concern based on market capitalization (the value of the company calculated by number of shares outstanding multiplied by price per share).

Company Market Capitalization as of July 2019 What the Company Does
1. Palo Alto Networks (NYSE:PANW) $21.3 billion A diversified provider of security solutions, with an increasing focus on cloud software
2. Splunk (NASDAQ:SPLK) $20.5 billion Big data analytics, including security orchestration and automated response
3. Check Point Software (NASDAQ:CHKP) $17.9 billion A diversified provider of security software and hardware
4. CrowdStrike (NASDAQ:CRWD) $17.5 billion Cloud-based endpoint security
5. Okta (NASDAQ:OKTA) $15.4 billion Cloud-based identity and privileged-access management software
6. Fortinet (NASDAQ:FTNT) $14.9 billion A diversified provider of security software and hardware
7. Symantec (NASDAQ:SYMC) $14.0 billion Largest security provider by revenue; owner of LifeLock and Norton Antivirus
8. Akamai Technologies (NASDAQ:AKAM) $13.6 billion Internet content delivery and security
9. Zscaler (NASDAQ:ZS) $10.4 billion Diversified provider of cloud-based security
10. F5 Networks (NASDAQ:FFIV) $8.7 billion Internet and application content delivery and security
Bonus: Proofpoint (NASDAQ:PFPT) $7.0 billion Employee communications and internet security

Data as of July 23, 2019. Data source: YCharts and company-specific investor relations.

Types of cybersecurity stocks

„Cybersecurity“ is the umbrella term, but there are different types of security firms tackling various problems in today’s connected age.

Broad-focus cybersecurity companies

For example, the larger outfits have been angling themselves to cover a wide range of needs, becoming one-stop security shops. Palo Alto Networks and Fortinet are two such companies, covering everything from firewalls (a network feature, sometimes a piece of hardware but more often software, that decides what data to let in and out) to artificial intelligence-based software that automates tasks and monitors an organization’s digital activity.

Endpoint security providers

These companies focus on securing remote devices connected to a network. The number of devices hooked up to the internet has been growing by the hundreds of millions every year, and that trend is expected to continue. Businesses are leading the charge, and everything from employee smartphones and tablets to assets in transit to connected machinery is in need of safekeeping. Endpoint protection software handles that specific need. Startup CrowdStrike, among others, is a specialist in this space.

Specialized security services

These niche companies include Okta, which provides privileged-access management — basically, only allowing users access to the sensitive data that they’re supposed to see. Then there’s security for the cloud, or computing and software that is offered remotely by way of a data center. Zscaler concerns itself with keeping cloud connections and data safe for businesses and organizations.

Regardless of the security need, digital-based operations and communications are on the rise across the board, which means all of the top cybersecurity companies are experiencing growth of some sort. That creates an opportunity for investors to cash in on the movement. Here is a breakdown of each of the top cybersecurity companies and how their stocks are valued.

The top 10 biggest cybersecurity stocks

1. Palo Alto Networks: The largest cybersecurity stock

Sitting atop the cybersecurity pure-play list is Palo Alto Networks. The company has built itself into the leader in the security space, offering a broad range of services for its customers from firewalls to automated threat response to cloud security. The largest player in the cybersecurity niche by market cap, Palo Alto has managed to outpace the industry’s average growth rate in spite of its size.

Part of the story behind Palo Alto’s growth is the company’s acquisition spree of smaller competitors. In May 2019, the company announced its intent to purchase two cloud-based cybersecurity outfits, one for $410 million and the other for a smaller undisclosed sum. Both were added to a new cloud security service segment called Prisma, aimed at continuously updating Palo Alto’s offerings as needs of customers evolve over time. CEO Nikesh Arora, a former executive at Alphabet’s (NASDAQ:GOOGL) (NASDAQ:GOOG) Google, has indicated that strategic acquisitions will continue to play an integral part in his company’s strategy to remain relevant.

The sums of money paid for acquisitions have been substantial (at least $1 billion spent since 2018), and they’re among the reasons Palo Alto is not yet a profitable business. However, when backing out one-time nonrecurring expenses and noncash items, the company still manages to post positive free cash flow (money left over after basic operating expenses and capital expenditures). In short, that means the company can afford its aggressive buying spree.

The free cash flow generation is important, because it gives the leader in pure-play network security the wiggle room it needs to invest heavily in cloud computing, AI, and other technology as customer needs change over time. Global cloud spending is expected to grow an average of about 16% a year through 2022, according to technology research group Gartner. Sitting at the intersection of two double-digit growth industries, that long-term trend should give Palo Alto Networks an enduring outlet to sustain double-digit sales growth and help it maintain its pole position within the world of cybersecurity.

2. Splunk: Big data and securing business operations

Splunk started out as a big data monitoring company. Its software suite allows organizations to analyze and make sense of information being generated from their digital systems, from websites to connected equipment to payment processing networks, among other things. If it’s an electronic system, it creates data; and if it creates data, Splunk can help monitor it and give customers the ability to make sense of trends and other behavior of digital systems. Incidentally, one of the primary use cases for the data parsing and analytics platform is cybersecurity.

To increase its capabilities in that department, Splunk has also embarked on an aggressive acquisition spree. As a result, the big data company is now a leader in the fast-growing security orchestration, automation, and response (SOAR) segment of the cybersecurity industry. SOAR utilizes artificial intelligence (a software system that mimics how the human brain works and learns and adapts to changing circumstances) to sift through information in real time, detect potential threats, and take action to keep things on lockdown. With data breaches a constant threat, the ability to automate aspects of the workload holds appeal for large organizations.

Despite its size, Splunk has still been growing quickly. The downside is that Splunk is spending lots of cash to foster further expansion, which keeps the company in the red. Specifically, research and development of new software capabilities and sales and marketing to acquire new customers are the biggest line items affecting the bottom line. However, much like Palo Alto Networks, Splunk is free cash flow positive; profits will be a bigger consideration later on as the company matures.

That’s because Splunk’s primary industry, big data analytics, should grow an average of 13% a year and surpass $274 billion in size by 2023 — according to researcher IDC. Along the way, Splunk will also benefit from the booming and fast-changing cybersecurity industry, making it one of the best plays on the trend. The company’s expertise in monitoring and making sense of large and complex sets of data particularly lends itself to keeping business information locked up, and its recent takeovers of smaller peers have helped bolster its position in network security. Splunk’s prospects and chances at continued industry leadership look especially good.

3. Check Point Software: Adjusting to a new technology

Check Point Software, as its name implies, offers software security along with hardware to keep business networks secure. Much like Palo Alto Networks, the company has a diversified mix of solutions covering on-premeses computer networks, cloud, and endpoint protection.

Though it’s one of the largest and oldest cybersecurity companies around (founded in 1993), Check Point has not been growing at the breakneck speed of some of its peers. Low-single-digit sales growth has been the norm for some time. The reason? New technologies like the cloud have made some of Check Point’s legacy services like hardware-based security less compelling. The company is trailing some of its competitors, so spending to update the business model for today’s security needs has been a top priority. It isn’t paying off yet, and Check Point’s sluggish pace could mean its younger peers will bypass it in the years ahead.

There is one thing that makes Check Point different from other companies on this list, though. As an older, well-established company, it does turn a profit. Thus, traditional valuation metrics (without the need to make adjustments for things like stock-based compensation, shares a company pays to employees as an extra perk) work for the stock. However, heavy spending to transform the business into a more relevant one for the times has the bottom line stuck in a rut. Until that changes, there’s little compelling reason to consider the stock.

Check Point has been working hard to update its offerings for more modern needs, but the sheer number of newer start-ups could mean this established cybersecurity business will continue to get disrupted. That’s not an enviable situation to be in, especially when the industry overall is growing by double digits.

4. CrowdStrike: The newest stock on the top-10 list

Endpoint security company CrowdStrike more than doubled in value after it had its IPO (sold shares to raise money, making it available to the general investing public for the first time) in June 2019. That easily puts the firm among the largest in the cybersecurity business by market cap.

The stock has years‘ worth of double-digit sales growth baked into it, but momentum could be on CrowdStrike’s side. Revenues more than doubled in 2018. The number of connected devices around the globe is increasing every year — by the hundreds of millions — which plays right into the hands of this security company and its endpoint-protection software suite. Since many of those devices are not tethered to an office or other physical location, CrowdStrike’s cloud computing-native system lends itself to this type of security particularly well.

Because it is cloud based, CrowdStrike also boasts the ability to make near-instant system updates when a threat is detected, and its software can learn and adapt from uploaded customer data. Paired with millions of new connections getting added to an internet-connected network every year, it adds up to lots of new customer sign-ups and expanding relationships with existing ones. Dollar-based net expansion (which measures how much money existing clients spend each year) has been over 100% for years, indicating customers spend more with CrowdStrike as time passes. It’s a powerful business model, one that CrowdStrike plans on putting to use in other security disciplines as it begins to expand beyond endpoint security. With the cloud and the number of endpoints increasing dramatically, it’s no wonder this stock is off to a hot start and looks like it has years‘ worth of growth left ahead of it.

5. Okta: Keeping data on a need-to-know basis

Another upstart security company, Okta has only been around since 2009, but the identity-protection specialist has been growing like a weed. The company ensures that employees and others with privileged access within an organization get connected to the apps and data they need — and keeps everyone else out. The number of digital systems and software being utilized by organizations continues to rise, increasing the complexity and difficulty in keeping systems secure from intruders. Thus, the need for Okta’s identity services has been booming.

In just a few years‘ time, Okta has become one of the largest cybersecurity pure plays around, with sales consistently growing north of 50% in the past. Management expects that trajectory will moderate to somewhere in the mid-30% range for the foreseeable future — still nothing to balk at. And that rate of expansion could be sustainable, too. According to the Global Market Insights cybersecurity report, identity, authentication, and access management services are expected to be an especially fast-growing subset of cybersecurity, with the potential for services to increase an average of 17% a year through 2024. At the forefront of the movement, Okta is primed to gobble up market share as identity and access management increases in importance.

Here’s the downside: Okta is not a profitable business as of this writing. The company is funneling cash into marketing and research to maximize its sales growth now. Profits will be a concern later. The good news, though, is that gross profit margin (the amount of money the company keeps after producing a service and then selling it but before paying other operating expenses) is on the rise as the company grows.

That bodes well for the future of this cybersecurity leader. Identity security/privileged data access rights is expected to be a high-growth segment of network security for the next few years, and Okta is a leader in the space.

6. Fortinet: Successfully bridging legacy security with the new

Another diversified provider of firewalls, cloud and endpoint security, and identity management, Fortinet took a hit amid worries that the trade war between the U.S. and China would dampen growth in the company’s important international markets — Asia and Europe specifically. Newer security upstarts have also disrupted some of Fortinet’s legacy offerings like hardware-based network security for on-premises protection. Economic and industry headwinds or not, though, this cybersecurity outfit is doing just fine.

Revenues and adjusted earnings were up 20% and 77%, respectively, in 2018. Fortinet has been adding dozens of new deals worth more than $1 million every quarter, winning customers over with its new and improved software suite aimed at keeping all parts of an organization safe. Although less aggressive in its acquisition strategy than Palo Alto Networks or Splunk, Fortinet continues to invest heavily in updating its offerings to keep its customers secure. The cloud has been an area of focus, as well as increasing the number of subscription-based software deals. The investments in new technology have been paying off and yielding results for shareholders, even as other legacy cybersecurity companies have been failing to make the cut.

As a result of its less aggressive nature, Fortinet also runs a profitable business where some of its competitors don’t — and the bottom line has been rising faster than sales as the company’s investments have started to yield results. Ample cash means this security business can continue to invest in its new high-octane segments like cloud, endpoint, and identity security, which bodes well for it being able to maintain its two-figure top-line growth rate for some time even as legacy lines of business fade. With a well-established presence in the industry and a successful business update strategy well underway and paying off, Fortinet is one of the best cybersecurity stocks around.

7. Symantec: The biggest cybersecurity company by revenue

Symantec is the world leader in cybersecurity services when using sales figures as the metric. With nearly $5 billion in revenue in the last year, it is nearly double the size of its younger peers like Palo Alto Networks. Yet despite Symantec’s leadership, its market cap lags. One of the oldest network security players around and owner of recognizable software names like LifeLock and Norton Antivirus, Symantec has had to deal with disruption and shifting technology that have left growth near nonexistent and profitability underwhelming.

Though Symantec has been updating its operations — it recently announced a new comprehensive cloud-based security suite covering everything from email to application login protection — results have been sluggish. Fiscal 2019 sales fell 2%. The company’s legacy operations are holding it back, and bloated operating expenses have meant paltry bottom-line earnings. Not exactly what investors should be looking for from the leader of a high-flying industry.

There could be hope of a rebound, though, as Symantec continues to work through its transition. Chipmaker Broadcom (NASDAQ:AVGO) thought there was value in Symantec and was reportedly interested in acquiring the old security company to add it to its growing software division. However, negotiations fell through, and Symantec will have to go it alone for now. Until the company can demonstrate a strategy that can gain some traction in the growing world of cybersecurity, Symantec will continue to struggle in the wake of younger and more nimble peers that started investing earlier in the shifting landscape.

8. Akamai: Guarding the security of the internet itself

The next security outfit on the list handles a different piece of the industry than any of the others covered thus far. Akamai (NASDAQ:AKAM) helps deliver and secure web content as it travels from its source to the end user, from live and streaming video to traditional web page text and pictures. The internet’s continual expansion has been a boon for Akamai, which has launched new services to cover new web applications (like video streaming) and new mobile device types to keep the internet connection to them secure.

Akamai’s traditional web business is a low- to mid-single-digit growth story, but its newer cloud security services have been growing well into the double digits. New services are still a small fraction of the whole, but they are a high-margin endeavor. Akamai’s bottom line has been getting a big double-digit boost as Akamai’s investment and spending on new web delivery applications subside and past spending starts to yield results.

Akamai has grown into one of the internet’s primary content delivery platforms, responsible for handling as much as a third of global web traffic. As such, this company will be slower moving than other security businesses, but Akamai still has growth prospects ahead of it. Internet infrastructure company Cisco expects web traffic — led by video content — to grow an average of 26% a year through 2022. That means Akamai’s newer business should continue to move the needle for some time; plus the overall operation is solidly in profitable territory. In short, the leading internet content delivery and security company should be a slow-and-steady play for the foreseeable future.

9. Zscaler: Another investment in the cloud

Back to small but up-and-coming cybersecurity. Zscaler has its sights set on securing cloud computing and thus built itself from the ground up as a cloud-only software suite. The world is going mobile, and so are business operations. With fewer centralized locations and more remotely connected devices popping up, Zscaler helps keep newer business networks safe for its customers and their employees.

With a business model similar to those of CrowdStrike and Okta, Zscaler plays in a new multibillion-dollar industry that will only continue to grow larger, and the company has been frank in saying it is all about maximizing growth right now. And no wonder, as Gartner says in its cloud research that annual spending will nearly double from 2018 to 2022 to more than $330 billion a year. Sales at Zscaler have been growing north of 60% year over year for some time, but what’s a few hundred million in annual sales when the whole market is worth hundreds of billions? The downside is that in spite of massive growth and a rosy outlook for the good times to continue, operating losses are still substantial. With Zscaler all about nurturing sales as fast as possible, the red ink is unlikely to disappear anytime soon.

Much like its start-up peers, though, Zscaler takes those losses by design as it keeps its foot on the gas. Gross profit margin was an enviable 81% at last report, one of the best in the industry. With profit potential like that in a fast-expanding cloud computing sandbox, it makes sense Zscaler is all about growth now and profit later. With the world going mobile, this security stock looks like an especially promising one in the years ahead as it takes advantage of its early cloud-based security lead.

10. F5 Networks: Lagging behind the cybersecurity growth average

F5 Networks provides hardware and software solutions that help companies keep their applications and app delivery secure. Similar to Akamai, the company’s legacy business isn’t exactly lighting the world on fire. However, newer services, particularly those aimed at cloud computing-based apps, are on a tear. To that end, F5 recently acquired app optimization and security peer NGINX for $670 million.

It’s a sizable sum but likely a prudent move for F5. The company has been reporting low-single-digit revenue growth the last few years — nearly all of which has been driven by big expansion in its software service segment. While the top line has been sluggish, the upside is that new software and security offerings are a much more profitable concern. As a result, earnings are up nearly 40% over the last trailing three-year stretch.

During its transition phase to more modern app security and delivery, F5’s stock has taken a beating. There’s worry that the transition will continue to be a bumpy one, thus making this stock among the cheapest in the cybersecurity industry. However, though the low valuation reflects the fact that F5 has fallen behind the curve in the digital age, F5 is an inexpensive play on digital security and delivery. With internet traffic and content delivery still a slow-and-steady endeavor, F5 can continue to thrive — albeit at a much slower rate than elsewhere in cybersecurity.

Bonus. Proofpoint: An up-and-coming communications security specialist

One of the smaller outfits in the security space, Proofpoint is worth a mention as a bonus number 11 on the top-10 list. The company specifically helps organizations keep their employees safe. Email attacks are a key pain point for many businesses, and securing communications in that department — as well as on social media, cloud applications, and mobile devices — is a specialty at Proofpoint.

Though a niche offering within the greater cybersecurity industry, Proofpoint is expanding fast. After the company grew 38% in 2018, management forecasted full-year 2019 revenue to be up at least another 22%. However, as with its high-powered sales-oriented peers, the company does run up big losses. As with many other cybersecurity plays we’ve been discussing, though, that’s due to Proofpoint reinvesting in itself to foster more growth.

Nevertheless, when we adjust the bottom line for one-time items and other noncash expenses, Proofpoint is free cash flow positive, a metric that has been steadily on the rise. That should help Proofpoint keep up its double-digit growth trajectory as employee access points via remote computers, smartphones, and other devices continue to boom in the States and especially overseas. It’s a much smaller business than the top 10 companies are, but this cybersecurity concern still offers a compelling growth story worth keeping an eye on as it keeps communications safe and secure.

Proofpoint will also likely see long-term benefit from the explosion in devices hooked up to a network in the years ahead. The workforce’s increasing mobility means keeping employee communications on lockdown will be an increasingly complex problem, one that this small security company can help solve.

An illustrated shield displayed on top of a wall of digital data.

Image source: Getty Images.

Choosing the right cybersecurity stock to invest in

Taking a high-level look at the biggest companies in the cybersecurity market is only the start to choosing an investment. Some of the stocks are buys, others not so much. As the industry is still in high-growth mode and adapting fast to technological developments, investors would be best off picking the companies posting the fastest revenue expansion rates and those that carry the highest gross profit margins. Click here for a discussion on the top cybersecurity stocks and an introduction on how to pick the best companies in the industry.

Before investing, though, it’s important to remember a few things. Though cybersecurity is one of the fastest-expanding industries around, with high growth expectations comes a high level of volatility. Stock prices can run higher very quickly — and reverse course just as fast. Only investors who have a long-term perspective (no less than a few years) and the ability to purchase a position over time (buying a few shares at a time on a set schedule, like monthly, quarterly, or whenever the stock dips in price by at least double digits) should consider buying.

For those with the time to wait, though, investing in cybersecurity should be a profitable endeavor. In a decade’s time, this top-10 list will no doubt look very different, but a few of these names will still be around and will likely be much larger than they are today.

 

Travel Blogging

„While travel blogging is a relatively young phenomenon, it has already evolved into a mature and sophisticated business model, with participants on both sides working hard to protect and promote their brands.

Those on the industry side say there’s tangible commercial benefit, provided influencers are carefully vetted.
„If people are actively liking and commenting on influencers‘ posts, it shows they’re getting inspired by the destination,“ Keiko Mastura, PR specialist at the Japan National Tourism Organization, tells CNN Travel.
„We monitor comments and note when users tag other accounts or comment about the destination, suggesting they’re adding it to their virtual travel bucket lists. Someone is influential if they have above a 3.5% engagement rate.“
For some tourism outlets, bloggers offer a way to promote products that might be overlooked by more conventional channels. Even those with just 40,000 followers can make a difference.
Kimron Corion, communications manager of Grenada’s Tourism Authority, says his organization has „had a lot of success engaging with micro-influencers who exposed some of our more niche offerings effectively.“
Such engagement doesn’t come cheap though.“

That means extra pressure in finding the right influencer to convey the relevant message — particularly when the aim is to deliver real-time social media exposure.
„We analyze each profile to make sure they’re an appropriate fit,“ says Florencia Grossi, director of international promotion for Visit Argentina. „We look for content with dynamic and interesting stories that invites followers to live the experience.“
One challenge is weeding out genuine influencers from the fake, a job that’s typically done by manually scrutinizing audience feedback for responses that betray automated followers. Bogus bloggers are another reason the market is becoming increasingly wary.“

What Proroguing UK Parliament means to Brexit – UK Parliament Suspension

Source: https://edition.cnn.com/2019/08/28/uk/uk-parliament-suspension-what-it-means-for-brexit-gbr-intl/index.html

 

the combination of repressive regimes with IT monopolies endows those regimes with a built-in advantage over open societies

Source: https://www.wired.com/story/mortal-danger-chinas-push-into-ai/

Governments and companies worldwide are investing heavily in artificial intelligence in hopes of new profits, smarter gadgets, and better health care. Financier and philanthropist George Soros told the World Economic Forum in Davos Thursday that the technology may also undermine free societies and create a new era of authoritarianism.

“I want to call attention to the mortal danger facing open societies from the instruments of control that machine learning and artificial intelligence can put in the hands of repressive regimes,” Soros said. He made an example of China, repeatedly calling out the country’s president, Xi Jinping.

China’s government issued a broad AI strategy in 2017, asserting that it would surpass US prowess in the technology by 2030. As in the US, much of the leading work on AI in China takes place inside a handful of large tech companies, such as search engine Baidu and retailer and payments company Alibaba.

Soros argued that AI-centric tech companies like those can become enablers of authoritarianism. He pointed to China’s developing “social credit” system, aimed at tracking citizens’ reputations by logging financial activity, online interactions, and even energy use, among other things. The system is still taking shape, but depends on data and cooperation from companies like payments firm Ant Financial, a spinout of Alibaba. “The social credit system, if it became operational, would give Xi Jinping total control over the people,” Soros said.

Soros argued that synergy like that between corporate and government AI projects creates a more potent threat than was posed by Cold War–era autocrats, many of whom spurned corporate innovation. “The combination of repressive regimes with IT monopolies endows those regimes with a built-in advantage over open societies,” Soros said. “They pose a mortal threat to open societies.”

Soros is far from the first to raise an alarm about the dangers of AI technology. It’s a favorite topic of Elon Musk, and last year Henry Kissinger called for a US government commission to examine the technology’s risks. Google cofounder Sergey Brin warned in Alphabet’s most recent annual shareholder letter that AI technology had downsides, including the potential to manipulate people. Canada and France plan to establish an intergovernmental group to study how AI changes societies.

The financier attempted to draft Donald Trump into his AI vigilance campaign. He advised the president to be tougher on Chinese telecoms manufacturers ZTE and Huawei, to prevent them from dominating the high-bandwidth 5G mobile networks being built around the world. Both companies are already reeling from sanctions by the US and other governments.

Soros also urged the well-heeled attendees of Davos to help forge international mechanisms to prevent AI-enhanced authoritarianism—and that could both include and contain China. He asked them to imagine a technologically oriented version of the treaty signed after World War II that underpins the United Nations, binding countries into common standards for human rights and freedoms.

Here is the text of Soros’s speech:

I want to use my time tonight to warn the world about an unprecedented danger that’s threatening the very survival of open societies.

Last year when I stood before you I spent most of my time analyzing the nefarious role of the IT monopolies. This is what I said: “An alliance is emerging between authoritarian states and the large data rich IT monopolies that bring together nascent systems of corporate surveillance with an already developing system of state sponsored surveillance. This may well result in a web of totalitarian control the likes of which not even George Orwell could have imagined.”

Tonight I want to call attention to the mortal danger facing open societies from the instruments of control that machine learning and artificial intelligence can put in the hands of repressive regimes. I’ll focus on China, where Xi Jinping wants a one-party state to reign supreme.

A lot of things have happened since last year and I’ve learned a lot about the shape that totalitarian control is going to take in China.

All the rapidly expanding information available about a person is going to be consolidated in a centralized database to create a “social credit system.” Based on that data, people will be evaluated by algorithms that will determine whether they pose a threat to the one-party state. People will then be treated accordingly.

The social credit system is not yet fully operational, but it’s clear where it’s heading. It will subordinate the fate of the individual to the interests of the one-party state in ways unprecedented in history.

I find the social credit system frightening and abhorrent. Unfortunately, some Chinese find it rather attractive because it provides information and services that aren’t currently available and can also protect law-abiding citizens against enemies of the state.

China isn’t the only authoritarian regime in the world, but it’s undoubtedly the wealthiest, strongest and most developed in machine learning and artificial intelligence. This makes Xi Jinping the most dangerous opponent of those who believe in the concept of open society. But Xi isn’t alone. Authoritarian regimes are proliferating all over the world and if they succeed, they will become totalitarian.

As the founder of the Open Society Foundations, I’ve devoted my life to fighting totalizing, extremist ideologies, which falsely claim that the ends justify the means. I believe that the desire of people for freedom can’t be repressed forever. But I also recognize that open societies are profoundly endangered at present.

What I find particularly disturbing is that the instruments of control developed by artificial intelligence give an inherent advantage to authoritarian regimes over open societies. For them, instruments of control provide a useful tool; for open societies, they pose a mortal threat.

I use “open society” as shorthand for a society in which the rule of law prevails as opposed to rule by a single individual and where the role of the state is to protect human rights and individual freedom. In my personal view, an open society should pay special attention to those who suffer from discrimination or social exclusion and those who can’t defend themselves.

By contrast, authoritarian regimes use whatever instruments of control they possess to maintain themselves in power at the expense of those whom they exploit and suppress.

How can open societies be protected if these new technologies give authoritarian regimes a built-in advantage? That’s the question that preoccupies me. And it should also preoccupy all those who prefer to live in an open society.

Open societies need to regulate companies that produce instruments of control, while authoritarian regimes can declare them “national champions.” That’s what has enabled some Chinese state-owned companies to catch up with and even surpass the multinational giants.

This, of course, isn’t the only problem that should concern us today. For instance, man-made climate change threatens the very survival of our civilization. But the structural disadvantage that confronts open societies is a problem which has preoccupied me and I’d like to share with you my ideas on how to deal with it.

My deep concern for this issue arises out of my personal history. I was born in Hungary in 1930 and I’m Jewish. I was 13 years old when the Nazis occupied Hungary and started deporting Jews to extermination camps.

I was very fortunate because my father understood the nature of the Nazi regime and arranged false identity papers and hiding places for all members of his family, and for a number of other Jews as well. Most of us survived.

The year 1944 was the formative experience of my life. I learned at an early age how important it is what kind of political regime prevails. When the Nazi regime was replaced by Soviet occupation I left Hungary as soon as I could and found refuge in England.

At the London School of Economics I developed my conceptual framework under the influence of my mentor, Karl Popper. That framework proved to be unexpectedly useful when I found myself a job in the financial markets. The framework had nothing to do with finance, but it is based on critical thinking. This allowed me to analyze the deficiencies of the prevailing theories guiding institutional investors. I became a successful hedge fund manager and I prided myself on being the best paid critic in the world.

Running a hedge fund was very stressful. When I had made more money than I needed for myself or my family, I underwent a kind of midlife crisis. Why should I kill myself to make more money? I reflected long and hard on what I really cared about and in 1979 I set up the Open Society Fund. I defined its objectives as helping to open up closed societies, reducing the deficiencies of open societies and promoting critical thinking.

My first efforts were directed at undermining the apartheid system in South Africa. Then I turned my attention to opening up the Soviet system. I set up a joint venture with the Hungarian Academy of Science, which was under Communist control, but its representatives secretly sympathized with my efforts. This arrangement succeeded beyond my wildest dreams. I got hooked on what I like to call “political philanthropy.” That was in 1984.

In the years that followed, I tried to replicate my success in Hungary and in other Communist countries. I did rather well in the Soviet empire, including the Soviet Union itself, but in China it was a different story.

My first effort in China looked rather promising. It involved an exchange of visits between Hungarian economists who were greatly admired in the Communist world, and a team from a newly established Chinese think tank which was eager to learn from the Hungarians.

Based on that initial success, I proposed to Chen Yizi, the leader of the think tank, to replicate the Hungarian model in China. Chen obtained the support of Premier Zhao Ziyang and his reform-minded policy secretary Bao Tong.

A joint venture called the China Fund was inaugurated in October 1986. It was an institution unlike any other in China. On paper, it had complete autonomy.

Bao Tong was its champion. But the opponents of radical reforms, who were numerous, banded together to attack him. They claimed that I was a CIA agent and asked the internal security agency to investigate. To protect himself, Zhao Ziyang replaced Chen Yizi with a high-ranking official in the external security police. The two organizations were co-equal and they couldn’t interfere in each other’s affairs.

I approved this change because I was annoyed with Chen Yizi for awarding too many grants to members of his own institute and I was unaware of the political infighting behind the scenes. But applicants to the China Fund soon noticed that the organization had come under the control of the political police and started to stay away. Nobody had the courage to explain to me the reason for it.

Eventually, a Chinese grantee visited me in New York and told me, at considerable risk to himself. Soon thereafter, Zhao Ziyang was removed from power and I used that excuse to close the foundation. This happened just before the Tiananmen Square massacre in 1989 and it left a “black spot” on the record of the people associated with the foundation. They went to great length to clear their names and eventually they succeeded.

In retrospect, it’s clear that I made a mistake in trying to establish a foundation which operated in ways that were alien to people in China. At that time, giving a grant created a sense of mutual obligation between the donor and recipient and obliged both of them to remain loyal to each other forever.

So much for history. Let me now turn to the events that occurred in the last year, some of which surprised me.

When I first started going to China, I met many people in positions of power who were fervent believers in the principles of open society. In their youth they had been deported to the countryside to be re-educated, often suffering hardships far greater than mine in Hungary. But they survived and we had much in common. We had all been on the receiving end of a dictatorship.

They were eager to learn about Karl Popper’s thoughts on the open society. While they found the concept very appealing, their interpretation remained somewhat different from mine. They were familiar with Confucian tradition, but there was no tradition of voting in China. Their thinking remained hierarchical and carried a built-in respect for high office. I, on the other hand I was more egalitarian and wanted everyone to have a vote.

So, I wasn’t surprised when Xi Jinping ran into serious opposition at home; but I was surprised by the form it took. At last summer’s leadership convocation at the seaside resort of Beidaihe, Xi Jinping was apparently taken down a peg or two. Although there was no official communique, rumor had it that the convocation disapproved of the abolition of term limits and the cult of personality that Xi had built around himself.

It’s important to realize that such criticisms were only a warning to Xi about his excesses, but did not reverse the lifting of the two-term limit. Moreover, “The Thought of Xi Jinping,” which he promoted as his distillation of Communist theory was elevated to the same level as the “Thought of Chairman Mao.” So Xi remains the supreme leader, possibly for lifetime. The ultimate outcome of the current political infighting remains unresolved.

I’ve been concentrating on China, but open societies have many more enemies, Putin’s Russia foremost among them. And the most dangerous scenario is when these enemies conspire with, and learn from, each other on how to better oppress their people.

The question poses itself, what can we do to stop them?

The first step is to recognize the danger. That’s why I’m speaking out tonight. But now comes the difficult part. Those of us who want to preserve the open society must work together and form an effective alliance. We have a task that can’t be left to governments.

History has shown that even governments that want to protect individual freedom have many other interests and they also give precedence to the freedom of their own citizens over the freedom of the individual as a general principle.

My Open Society Foundations are dedicated to protecting human rights, especially for those who don’t have a government defending them. When we started four decades ago there were many governments which supported our efforts but their ranks have thinned out. The US and Europe were our strongest allies, but now they’re preoccupied with their own problems.

Therefore, I want to focus on what I consider the most important question for open societies: what will happen in China?

The question can be answered only by the Chinese people. All we can do is to draw a sharp distinction between them and Xi Jinping. Since Xi has declared his hostility to open society, the Chinese people remain our main source of hope.

And there are, in fact, grounds for hope. As some China experts have explained to me, there is a Confucian tradition, according to which advisors of the emperor are expected to speak out when they strongly disagree with one of his actions or decrees, even that may result in exile or execution.

This came as a great relief to me when I had been on the verge of despair. The committed defenders of open society in China, who are around my age, have mostly retired and their places have been taken by younger people who are dependent on Xi Jinping for promotion. But a new political elite has emerged that is willing to uphold the Confucian tradition. This means that Xi will continue to have a political opposition at home.

Xi presents China as a role model for other countries to emulate, but he’s facing criticism not only at home but also abroad. His Belt and Road Initiative has been in operation long enough to reveal its deficiencies.

It was designed to promote the interests of China, not the interests of the recipient countries; its ambitious infrastructure projects were mainly financed by loans, not by grants, and foreign officials were often bribed to accept them. Many of these projects proved to be uneconomic.

The iconic case is in Sri Lanka. China built a port that serves its strategic interests. It failed to attract sufficient commercial traffic to service the debt and enabled China to take possession of the port. There are several similar cases elsewhere and they’re causing widespread resentment.

Malaysia is leading the pushback. The previous government headed by Najib Razak sold out to China but in May 2018 Razak was voted out of office by a coalition led by Mahathir Mohamed. Mahathir immediately stopped several big infrastructure projects and is currently negotiating with China how much compensation Malaysia will still have to pay.

The situation is not as clear-cut in Pakistan, which has been the largest recipient of Chinese investments. The Pakistani army is fully beholden to China but the position of Imran Khan who became prime minister last August is more ambivalent. At the beginning of 2018, China and Pakistan announced grandiose plans in military cooperation. By the end of the year, Pakistan was in a deep financial crisis. But one thing became evident: China intends to use the Belt and Road Initiative for military purposes as well.

All these setbacks have forced Xi Jinping to modify his attitude toward the Belt and Road Initiative. In September, he announced that “vanity projects” will be shunned in favor of more carefully conceived initiatives and in October, the People’s Daily warned that projects should serve the interests of the recipient countries.

Customers are now forewarned and several of them, ranging from Sierra Leone to Ecuador, are questioning or renegotiating projects.

Most importantly, the US government has now identified China as a “strategic rival.” President Trump is notoriously unpredictable, but this decision was the result of a carefully prepared plan. Since then, the idiosyncratic behavior of Trump has been largely superseded by a China policy adopted by the agencies of the administration and overseen by Asian affairs advisor of the National Security Council Matt Pottinger and others. The policy was outlined in a seminal speech by Vice President Mike Pence on October 4th.

Even so, declaring China a strategic rival is too simplistic. China is an important global actor. An effective policy towards China can’t be reduced to a slogan.

It needs to be far more sophisticated, detailed and practical; and it must include an American economic response to the Belt and Road Initiative. The Pottinger plan doesn’t answer the question whether its ultimate goal is to level the playing field or to disengage from China altogether.

Xi Jinping fully understood the threat that the new US policy posed for his leadership. He gambled on a personal meeting with President Trump at the G20 meeting in Buenos Aires. In the meantime, the danger of global trade war escalated and the stock market embarked on a serious sell-off in December. This created problems for Trump who had concentrated all his efforts on the 2018 midterm elections. When Trump and Xi met, both sides were eager for a deal. No wonder that they reached one, but it’s very inconclusive: a ninety-day truce.

In the meantime, there are clear indications that a broad based economic decline is in the making in China, which is affecting the rest of the world. A global slowdown is the last thing the market wants to see.

The unspoken social contract in China is built on steadily rising living standards. If the decline in the Chinese economy and stock market is severe enough, this social contract may be undermined and even the business community may turn against Xi Jinping. Such a downturn could also sound the death knell of the Belt and Road Initiative, because Xi may run out of resources to continue financing so many lossmaking investments.

On the question of global internet governance, there’s an undeclared struggle between the West and China. China wants to dictate rules and procedures that govern the digital economy by dominating the developing world with its new platforms and technologies. This is a threat to the freedom of the Internet and indirectly open society itself.

Last year I still believed that China ought to be more deeply embedded in the institutions of global governance, but since then Xi Jinping’s behavior has changed my opinion. My present view is that instead of waging a trade war with practically the whole world, the US should focus on China. Instead of letting ZTE and Huawei off lightly, it needs to crack down on them. If these companies came to dominate the 5G market, they would present an unacceptable security risk for the rest of the world.

Regrettably, President Trump seems to be following a different course: make concessions to China and declare victory while renewing his attacks on US allies. This is liable to undermine the US policy objective of curbing China’s abuses and excesses.

To conclude, let me summarize the message I’m delivering tonight. My key point is that the combination of repressive regimes with IT monopolies endows those regimes with a built-in advantage over open societies. The instruments of control are useful tools in the hands of authoritarian regimes, but they pose a mortal threat to open societies.

China is not the only authoritarian regime in the world but it is the wealthiest, strongest and technologically most advanced. This makes Xi Jinping the most dangerous opponent of open societies. That’s why it’s so important to distinguish Xi Jinping’s policies from the aspirations of the Chinese people. The social credit system, if it became operational, would give Xi total control over the people. Since Xi is the most dangerous enemy of the open society, we must pin our hopes on the Chinese people, and especially on the business community and a political elite willing to uphold the Confucian tradition.

This doesn’t mean that those of us who believe in the open society should remain passive. The reality is that we are in a Cold War that threatens to turn into a hot one. On the other hand, if Xi and Trump were no longer in power, an opportunity would present itself to develop greater cooperation between the two cyber-superpowers.

It is possible to dream of something similar to the United Nations Treaty that arose out of the Second World War. This would be the appropriate ending to the current cycle of conflict between the US and China. It would reestablish international cooperation and allow open societies to flourish. That sums up my message.

Facebook knows so much about its users that it can link their accounts, even when created under different names, from different devices.

Source: https://www.wired.com/story/instagram-unlink-account-wont-unlink-facebook/

The settings on Instagram include a page devoted to the “Linked Accounts” feature. As you might expect, it displays … your linked accounts. Users have the option to connect to Twitter, Tumblr, and, of course, Instagram’s parent company, Facebook, among others.

On first glance, the feature appears pretty straightforward—apps that aren’t linked are shown in gray, linked apps appear in color. When it comes to Facebook, however, the feature may be misleading.

Like other platforms shown under the “Linked Accounts” menu on Instagram, the option to link your Facebook profile is ostensibly disabled by default. Users must tap the app’s grayed out logo and sign in before Instagram displays the two as connected. Once two profiles are connected, an option to “Unlink Account” appears in Instagram settings. Clicking there brings up a warning: “Unlinking makes it harder to get access to your Instagram account if you get locked out.”

Common sense suggests that if you unlink a Facebook account from your Instagram profile, you’ve unlinked that Facebook account from your Instagram profile. But like many things Facebook, common sense does not exactly apply here. Clicking Unlink Account does not actually unlink a Facebook account from Instagram, a Facebook spokesperson told WIRED, because it isn’t possible to separate the two. Even if a user never explicitly linked their Facebook and Instagram profiles, they are intrinsically connected—Finstagrams be damned—and will continue to be, regardless of how many times you mash “Unlink Account.”

That’s because the wealth of data that Facebook collects through its multiple services is more than enough to properly identify users’ various accounts and link them to one another. Even in cases where a different name, email address, or device was used to create each account—be it a throwaway WhatsApp profile, stalker Instagram account, or joke Facebook profile—Facebook often is able to suss out who is actually behind the account and whether they have accounts on other Facebook-owned apps.

“Because Facebook and Instagram share infrastructure, systems and technology, we connect information about your activities across our services based on a variety of signals,” a Facebook spokesperson told WIRED. “Linking or unlinking your accounts in the app doesn’t affect this.”

The disclosure comes as Facebook moves to integrate previously independent apps such as Instagram and WhatsApp. Messenger, Instagram, and WhatsApp are being combined into one mega-chat app (problematic enough on its own), while Instagram and WhatsApp have been rechristened as “Instagram from Facebook” and “WhatsApp from Facebook.”

But even as the apps are being woven more tightly together, they’re not all equal in the minds of Facebook executives. The Linked Accounts feature on Instagram appears designed to funnel traffic to Facebook, where user growth has flatlined, as Instagram’s growth continues apace. Meanwhile, Facebook last year made a contentious decision to stop funneling traffic to Instagram.

The spokesperson said Facebook began linking accounts behind the scenes based on data it had gathered about users shortly after it acquired Instagram in 2012. The spokesperson said that Facebook collects and connects this information about users’ activities in order to give users a “personalized experience” across all of the apps under the company’s umbrella, like more precisely targeted ads or in-app recommendations based on an amalgamation of the user’s cross-platform activities.

For users who thought they could keep various accounts separate, the realities of this “personalized experience” can prove frustrating. The spokesperson noted that Facebook could use this data to suggest that a user join a Facebook group that includes people that they follow on Instagram or chat with over Messenger. That could pose privacy concerns for users who want their activity on an unlinked Instagram account isolated from their prime Facebook profile.

The connections among these accounts pose additional challenges on the back end. Some users that set out to create Finstagrams complain that they’ve found their new accounts linked to their prime Facebook profiles, resulting in all of their friends, half-acquaintances, and distant relatives receiving a notification to follow their supposedly private Finsta.

Six Instagram users queried by WIRED said that, though they either did not recall ever linking their Facebook and Instagram accounts or explicitly unlinked the two, they are still served notifications that can only be dismissed by clicking the “Open Facebook” button inside the Instagram app. Despite the fact that their accounts are not explicitly linked, clicking the button brings them to either the Facebook app or a logged-in mobile web version of the site.

Asked about the issue, a Facebook spokesperson at first said it was a bug, then later described it as a feature. Regardless of whether an Instagram user has elected to link their Facebook profile, so long as they have an account, the company has linked the two internally, and tapping “Open Facebook” in Instagram will take them to the associated account, the spokesperson said. “It’s just one of the ways that we can help people to understand that Facebook is there,” the spokesperson said.

All users will likely see a notification bubble in Instagram which can only be dismissed by clicking Open Facebook. However, the number of notifications served to users who haven’t linked their Facebook accounts will effectively be made up.

“With an unlinked account … it’s not an accurate representation of what your actual number of Facebook notifications are,” the spokesperson explained. Tapping the Open Facebook button, the spokesperson said, ”will again either open the app if you have it or just open you onto the web page.”

The Facebook spokesperson says the company began testing the Open Facebook feature in June 2018 and introduced it to some users in August 2018. The spokesperson wasn’t sure whether the Open Facebook feature was currently the default for all users, or whether it was still being rolled out to all users.

Steve Rymell Head of Technology, Airbus CyberSecurity answers What Should Frighten us about AI-Based Malware?

Of all the cybersecurity industry’s problems, one of the most striking is the way attackers are often able to stay one step ahead of defenders without working terribly hard. It’s an issue whose root causes are mostly technical: the prime example are software vulnerabilities which cyber-criminals have a habit of finding out about before vendors and their customers, leading to the almost undefendable zero-day phenomenon which has propelled many famous cyber-attacks.

A second is that organizations struggling with the complexity of unfamiliar and new technologies make mistakes, inadvertently leaving vulnerable ports and services exposed. Starkest of all, perhaps, is the way techniques, tools, and infrastructure set up to help organizations defend themselves (Shodan, for example but also numerous pen-test tools) are now just as likely to be turned against businesses by attackers who tear into networks with the aggression of red teams gone rogue.

Add to this the polymorphic nature of modern malware, and attackers can appear so conceptually unstoppable that it’s no wonder security vendors increasingly emphasize the need not to block attacks but instead respond to them as quickly as possible.

The AI fightback
Some years back, a list of mostly US-based start-ups started a bit of a counter-attack against the doom and gloom with a brave new idea – AI machine learning (ML) security powered by algorithms. In an age of big data, this makes complete sense and the idea has since been taken up by all manner of systems used to for anti-spam, malware detection, threat analysis and intelligence, and Security Operations Centre (SoC) automation where it has been proposed to help patch skills shortages.

I’d rate these as useful advances, but there’s no getting away from the controversial nature of the theory, which has been branded by some as the ultimate example of technology as a ‘black box’ nobody really understands. How do we know that machine learning is able to detect new and unknown types of attack that conventional systems fail to spot? In some cases, it could be because the product brochure says so.

Then the even bigger gotcha hits you – what’s stopping attackers from outfoxing defensive ML with even better ML of their own? If this were possible, even some of the time, the industry would find itself back at square one.

This is pure speculation, of course, because to date nobody has detected AI being used in a cyber-attack, which is why our understanding of how it might work remains largely based around academic research such as IBM’s proof-of-concept DeepLocker malware project.

What might malicious ML look like?
It would be unwise to ignore the potential for trouble. One of the biggest hurdles faced by attackers is quickly understanding what works, for example when sending spam, phishing and, increasingly, political disinformation.

It’s not hard to imagine that big data techniques allied to ML could hugely improve the efficiency of these threats by analyzing how targets react to and share them in real time. This implies the possibility that such campaigns might one day evolve in a matter of hours or minutes; a timescale defender would struggle to counter using today’s technologies.

A second scenario is one that defenders would even see: that cyber-criminals might simulate the defenses of a target using their own ML to gauge the success of different attacks (a technique already routinely used to evade anti-virus). Once again, this exploits the advantage that attackers always have sight of the target, while defenders must rely on good guesses.

Or perhaps ML could simply be used to crank out vast quantities of new and unique malware than is possible today. Whichever of these approaches is taken – and this is only a sample of the possibilities – it jumps out at you how awkward it would be to defend against even relatively simple ML-based attacks. About the only consolation is that if ML-based AI really is a black box that nobody understands then, logically, the attackers won’t understand it either and will waste time experimenting.

Unintended consequences
If we should fear anything it’s precisely this black box effect. There are two parts to this, the biggest of which is the potential for ML-based malware to cause something unintended to happen, especially when targeting critical infrastructure.

This phenomenon has already come to pass with non-AI malware – Stuxnet in 2010 and NotPetya in 2017 are the obvious examples – both of which infected thousands of organizations not on their original target list after unexpectedly ‘escaping’ into the wild.

When it comes to powerful malware exploiting multiple zero days there’s no such thing as a reliably contained attack. Once released, this kind of malware remains pathogenically dangerous until every system it can infect is patched or taken offline, which might be years or decades down the line.

Another anxiety is that because the expertise to understand ML is still thin on the ground, there’s a danger that engineers could come to rely on it without fully understanding its limitations, both for defense and by over-estimating its usefulness in attack. The mistake, then, might be that too many over-invest in it based on marketing promises that end up consuming resources better deployed elsewhere.  Once a more realistic assessment takes hold, ML could end up as just another tool that is good at solving certain very specific problems.

Conclusion
My contradictory-sounding conclusion is that perhaps ML and AI makes no fundamental difference at all. It’s just another stop on a journey computer security has been making since the beginning of digital time. The problem is overcoming our preconceptions about what it is and what it means. Chiefly, we must overcome the tendency to think of ML and AI as mysteriously ‘other’ because we don’t understand it and therefore find it difficult to process the concept of machines making complex decisions.

It’s not as if attackers aren’t breaching networks already with today’s pre-ML technology or that well-prepared defenders aren’t regularly stopping them using the same technology. What AI reminds us is that the real difference is how organizations are defended, not whether they or their attackers use ML and AI or not. That has always been what separates survivors from victims. Cybersecurity remains a working demonstration of how the devil takes the hindmost.

Source: https://www.infosecurity-magazine.com/opinions/frighten-ai-malware-1/