One place for hosting & domains

      Cyber

      Common Cyber Attacks on Machine Learning Applications


      Machine learning (ML)
      algorithms and models ingest large amounts of data and use pattern recognition to make predictions and adjustments based on that data. ML powers chatbots, product recommendation systems, self-driving cars, and assists in decision-making in the health and financial sectors. Due to the prevalence of tools and frameworks like
      TensorFlow
      and
      PyTorch
      , developers are now able to add ML to their applications with less effort. Before getting started with machine learning, you should be aware of the most common machine learning cyber attacks. When thinking about the security of your ML application, you must consider the following areas:

      • Data: If your data is corrupted in any way, you will not obtain reliable our useful results from your machine learning models.
      • Application: When a model becomes corrupted, even the most perfect data produces incorrect results.
      • Output: An application only produces the output it’s designed to provide. Altering an application to perform tasks other than what it was designed to perform is a misuse of the application.
      • User: Even if all of the other security factors for a machine learning application are correct, users can easily thwart machine learning applications through various means, such as purposely providing bad input or misinterpreting the output.

      This guide discusses the top security vulnerabilities that you may encounter in a machine learning project. Some of these vulnerabilities are common to all software development projects, while others are unique to machine learning ones.

      Evasion

      The evasion attack is the most common issue facing machine learning applications. This attack seeks to modify input data in order to “trick” ML classifiers. For example, a successful evasion attack can insert a malicious algorithm into your application that slightly modifies an image, causing it to be misclassified by the machine learning algorithm. An evasion attack seeks to infiltrate a system in the following ways:

      • Attachment: An attachment can contain malicious code that executes the moment the file is opened.
      • Link: The malicious code executes as soon as the resource pointed to by the link is opened.
      • Image: Viewing an image within a user’s email setup can invoke the malicious code.
      • Spoofing: A hacker impersonates a trusted party.
      • Biometric: Using specially crafted code or other techniques, the attacker simulates a facial expression or fingerprint to gain access to a system.
      • Specially crafted code: It’s possible to train a machine learning model to perturb the output of a target model.

      Poisoning

      A poisoning attack is orchestrated by injecting false information into an application’s data stream, with the goal of producing inaccurate results. There are a number of situations where poisoning may occur. Here are the most common:

      • Using bad data during model training from unreliable or unvetted sources.
      • Providing large amounts of skewed or biased input after model training.

      The attacker usually prefers stealth in this case because the goal is not to bring the system down. Instead, the attacker seeks to change the output in a manner that favors the attacker in some way.
      SVM classifiers
      are often the focus of such attacks because the attacker uses them to perform tasks such as to redraw political or sales boundaries, or to give a particular product an edge during a sales campaign.

      Inference

      If a hacker determines which records from a dataset are used to train a machine learning model, that information can be used to look for vulnerabilities. An inference attack uses data mining and analysis techniques to gain knowledge about the underlying dataset. In most cases, the best results come from
      overfitted models
      . Overfitting happens when a machine learning model follows the original data points too carefully. This makes it possible for the hacker to query a particular data point with relative ease. This attack vector currently works only on
      supervised learning models
      and
      Generative Adversarial Networks (GANs)
      .

      As a hacker sends queries to the model, the model makes predictions based on the confidence levels for each class that the model supports, giving the hacker valuable insights into the underlying application. The worst part of this particular attack is that
      it’s often used against specific people and their data
      , such as their medical records.

      Trojans

      A trojan employs various techniques to create code or data that looks legitimate, but is really designed to take over the application or manipulate specific components of it. The concept of using a trojan against an application is old and is used against applications of all stripes. However, in the case of machine learning, the trojan often remains hidden and seeks to discover more about the data used by the machine learning application, rather than performing more overt tasks, such as deleting files. There are many kinds of trojan attacks, but the list below contains some of the most common for machine learning:

      • Backdoor: Creates a backdoor on the target computer that the hacker can use to remotely control the computer. Remote access allows the hacker to do just about anything desired, including downloading your dataset or model, corrupting a dataset, or causing the model to perform in an unexpected way.
      • Banker: Focuses on a strategy for obtaining or manipulating financial information. When considering the machine learning aspect of this Trojan, you must think about the sorts of information that this Trojan could obtain, such as membership inference, to obtain data, or evasion, to potentially obtain credentials. However, the goals are always to somehow convince a user to download a payload.
      • Downloader: Targets systems that are already compromised and uses its functionality to download additional malware. This malware could be anything, so look for any sort of unusual activity that comprises any part of your system, including your data.
      • Neural: Embeds malicious data into the dataset to create a condition where an action occurs based on an event, like a trigger. In most cases, the attack focuses on changing a neural network’s weights to apply to only certain nodes. This kind of Trojan is most effective against Convolutional Neural Networks (CNNs), although current research shows that you can also use it against Long-Short-Term-Memory (LSTM) and Recurrent Neural Networks (RNNs).

      Backdoors

      This kind of attack uses system, application, or data stream vulnerabilities to gain access to the underlying system or application without providing required security credentials. The focus is on the neural network itself, rather than on specially prepared inputs. Even though this attack is data based, the attack focuses on corrupting the neural network, as is the case with a trojan. The backdoor attack relies on an attacker modifying training data in some manner to gain access to the model, usually through the underlying neural network. Because this kind of attack is so subtle, a separate application is often required to locate and get rid of it.

      Espionage

      An espionage attack involves stealing classified and sensitive data, or intellectual property to gain an advantage over a person, group, or organization. Essentially, this kind of attack involves stealth to
      spy on an organization’s activities to obtain a particular result
      . The attack can go on for years because the attacker’s goal is to remain undetected for as long as possible. The results of the attack are normally subtle too, such as redirecting some, but not all, sales to a particular product. This form of attack can target machine learning data and models. It locates the data by using predictive models to look through logs for particular patterns of access.

      Sabotage

      Sabotage performs deliberate and malicious actions to disrupt normal processes, so that even if the data isn’t corrupted, biased, or damaged in some way, the underlying processes don’t interact with it correctly. Often, sabotage is highly detectable, but at the moment of detection, it’s already too late to do anything about it.
      Financial institutions are particularly susceptible to sabotage
      due to the incredible amounts of data used to create and manage models. In addition, sabotage is often hard to fix because the underlying data must be remediated first and then the model rebuilt.

      Fraud

      Fraud occurs when hackers rely on various techniques, such as phishing or communications from unknown sources, to undermine system, application, or data security in a secretive manner. This level of access can allow for unauthorized or unpaid use of the application and influence ways in which the results are used, such as providing false election projections. Fortunately, there is a lot of research pending that also uses
      machine learning techniques to detect and help mitigate fraud
      .

      Conclusion

      Before adding ML to your project, you should know about the types of cyber attacks that are frequently targeted at machine learning powered applications. Evasion, poisoning, and inference are some of the most common attacks targeted at ML applications. Trojans, backdoors, and espionage are used to attack all types of applications, but they are used in specialized ways against machine learning. Now that you are familiar with the cyber attacks to look out for, you can get started creating an ML powered application, by
      installing TensorFlow on Ubuntu 20.04
      .



      Source link

      Black Friday and Cyber Monday 2020: What to Expect and How to Score the Best Deals


      To say everything has been different in 2020 is an understatement. Ever since COVID-19 hit, life has been turned around, from work to school to play. That goes for the upcoming holiday season, too. You might have to carve the turkey over Zoom this Thanksgiving.

      And the typical shopping sprees that follow on Black Friday and Cyber Monday will be different too.

      The Centers for Disease Control and Prevention (CDC) even posted a guide on how to safely celebrate Thanksgiving during the pandemic, including the holiday shopping season. They advise staying close to home and skipping the in-store doorbuster deals in favor of bargain hunting online.

      But just because things have changed doesn’t mean you still can’t get into the holiday shopping spirit to nab the best deals of the year. The good news is you can still score major bargains while staying safe. We consulted the experts to help you do just that!

      Create a Budget

      “Given the economic impact of COVID-19, some Americans’ budgets will be tighter this holiday season,” says Sara Skirboll, Shopping & Trends Expert at RetailMeNot. “Nearly a third of Americans impacted by COVID-19 (30%) say they will have less money to spend on holiday gifts this year.”

      There’s a good chance COVID-19 may have impacted your budget, so the first step should be assessing exactly how much you have to spend, which may be a very different number than last year. Even if wallets are a little slimmer this season, many families are forging ahead, as usual, to create a bright spot for the holidays after a tough 2020.

      “Consumers are searching for normalcy this year,” Skirboll says. “In fact, 66% of Americans will spend the same amount or more on holiday shopping this year to create normalcy for their family.” Decide what’s reasonable and responsible for your own family.

      The Crowds Will Be Online

      Unsurprisingly, data shows that most people will be shopping online instead of in-store this Black Friday.

      “While we expect the same amount of people to be shopping during Black Friday, online traffic will be significantly higher than in-store traffic,” says Jon Vincent, founder of EarlyBlackFriday.com. “This is due to the fact that retailers will be pushing their customers to shop online and avoid a potential COVID-19 liability in their stores. The last thing retailers want to hear is that a super spreader event happened during their in-store Black Friday sale!”

      EarlyBlackFriday.com predicts a 25% increase in online shopping during Black Friday compared to Black Friday 2019. Traditionally, retailers offer their best Black Friday deals exclusively in stores, but now retailers will be putting their best doorbuster deals online.

      “This will limit the reasons for people to shop in stores,” Vincent says. “In fact, we highly recommend you do not go to the stores at all this Black Friday because every deal can be grabbed online safely from your home.”

      Know There Are Still Deals

      It’s no secret that many retailers are hurting after a tough year. While you might assume that means they’re less likely to slash prices, surprisingly, the opposite is true.

      “Retailers will be very aggressive this year,” says Jeff Rosenblum, co-founder of digital agency Questus. “They are facing pressure to generate revenue to offset the decrease in traditional retail sales and maximize the performance of their digital storefronts. Shoppers can capitalize on this pressure by taking advantage of attractive discounts and promotions.”

      This could be one of the best years ever for Black Friday bargains.

      Make a List

      Man sitting at a desk writing in a notebook.

      Retailers have always offered doorbuster deals that were too good to turn down to get people in stores with the plan that people make impulse buys while there.

      “By shopping online, it helps cut down on those last-minute impulse purchases,” Vincent says. “We suggest you do your research ahead of time by viewing the Black Friday ads in advance and creating a shopping list. By having a well-researched shopping list, you’ll feel better about sticking to it instead of being tempted by a different deal that you might see online.”

      Determine if the Price Is Right

      Just because something says “Black Friday deal” or “Cyber Monday sale” doesn’t mean its price has been significantly slashed. It’s up to you to do some detective work to determine if you’re actually getting a good deal.

      “There is a two-step process that consumers should follow to ensure they are getting the best deals,” Vincent says. “First, on EarlyBlackFriday.com, each retailer’s Black Friday ad is leaked weeks in advance. Take your shopping list and visit the retailer’s website that day to see what the current price of the item is. This will give you an indication of how hot a Black Friday deal is. For example, if the current price is only $10 more than the Black Friday price, the deal might not be that great. Finally, compare prices with other retailers, starting with Amazon.com. If Amazon’s price is significantly higher than the price being offered during Black Friday, you know it’s a great deal.”

      Learn Where to Shop — and When

      “Take advantage of key retail holidays like Cash Back Day, Black Friday, Cyber Monday, Prime Day, and Free Shipping Day,” Skirboll says. “You can score deep discounts on everything from apparel and electronics to beauty, toys, home goods, and more. Shopping on these occasions will help stretch your dollars further. Scour the internet for what’s on your shopping list as some retailers might offer it at a better price or have better offers. Don’t assume you’re getting the best deals until you have searched for coupons and cash-back offers. Do your research and price compare.”

      Take a two-step approach by searching for a sale or coupon code and combine that with a cash-back offer to stack your savings.

      Often, the bigger the retailer, the better the deal. “Traditionally Target, Walmart, and Best Buy have been the best places to find deals during Black Friday, and we expect that trend to continue this year,” Vincent says.

      Even DreamHost will have a Black Friday sale.[a]

      Go Big This Black Friday Weekend

      Our automatic updates and strong security defenses take server management off your hands so you can focus on generating sales.

      Search Online to Your Advantage

      Hands holding a smartphone while shopping online.

      Getting a pop-up ad online for something you just searched for can be annoying, not to mention a little creepy. But that can actually be connected to you landing the best price.

      “There is great value to be garnered by letting brands know you are in the market for a specific product,” Rosenblum says. “When shoppers go on search and social media for specific products, their data is shared with retailers who will then target shoppers with advertisements and promotions. While most of the press and conversation we hear is about data privacy, it’s important to note that data can be a valuable tool. When shoppers search for products, the data signals are analogous to walking into a retail store and asking a salesperson for assistance finding specific products.”

      Practice Online Safety

      Technology can work for and against you. “Beware of email phishing,” cautions Skirboll. “It’s best not to click on links from senders you don’t recognize. Be sure to hover your mouse over links without clicking to see if the address is really taking you to where it says it will. Before sending any personal information over the internet, make sure the website has ‘https://’ at the beginning of its web address. The ‘S’ at the end of HTTPS indicates that the website is secure and your information is encrypted, which makes it safe to enter a credit card number or other personal information.”

      While it’s fine to look up reviews or compare prices using public Wi-Fi, avoid logging on to any sites with sensitive personal information, warns Skirboll. Public Wi-Fi is often vulnerable to people who are looking to steal your info. To ensure your computer and personal information are safe, use anti-virus software on your computer or mobile device, and keep it up to date.

      One last tip: Always buy with a credit card when you can.

      “A credit card provides additional protections over a debit card in case of fraudulent transactions,” Skirboll says. “If your card number is compromised, it’s easier to dispute any charges that you didn’t approve. Using a card also decreases the transference of germs compared to shopping with cash.”

      Be Social Media Savvy

      If you don’t already follow your favorite brands on social media, now is the time to do so, and sign up for their email newsletters as well. They sometimes will post special sales and offers exclusively for their followers on Black Friday and Cyber Monday.

      “Shoppers should monitor Twitter and Facebook feeds from major retailers to look for announcements on when the Black Friday deals are live,” Vincent says. “However, their announcements are sometimes hours after the sales have gone live and the most popular items have sold out. We suggest that you also follow earlyblackfriday.com on Twitter (@EarlyBF) and Facebook. We monitor each retailer’s website in real-time to look for when the deals are live and we will be announcing these sales on our social media feeds.”

      And don’t forget to use apps to your advantage. “Be resourceful—check apps like RetailMeNot to find the latest sales, deals, and cash back offers from thousands of retailers,” Skirboll says.

      Put Your Health First

      Black Friday was built on doorbusters and fleeting in-person deals. But to make adjustments during the COVID-19 era, you can get the same bargains without having to leave your house.

      “There is no reason to visit the physical stores on Black Friday this year,” Vincent says. “While the in-store shopping experience will be made as safe as possible, all of the same deals will be available online, so we do not feel that it’s worth the potential health risk to visit the stores. If customers do end up going to the stores on Black Friday, they can be comforted by the fact that retailers will be making social distancing and mask-wearing mandatory in all stores. Extra staff will be wiping down high-touch surfaces to help prevent the spread of COVID-19. Wearing a mask, practicing social distancing while shopping, and using hand sanitizer once you are done shopping are the best practices you will want to follow.”

      If you’re nervous about shopping in-store this year, you’re not alone.

      “Most Americans have concerns when it comes to holiday shopping this year during COVID-19,” Skirboll says. “Nearly nine in 10 (87%) are concerned about COVID-19 when thinking about holiday season shopping. Among those concerned, top concerns include other shoppers not following CDC guidelines (57%), being around other shoppers (57%), being around crowds during Black Friday shopping (54%), waiting in long lines due to reduced store capacity (50%), or shopping in stores with others (47%).”

      For those reasons, Skirboll says 75% of shoppers will prefer online shopping for holidays, and 18% plan to complete holiday shopping online only. A whopping 88% of consumers say they will not shop the traditional in-store doorbuster deals this year, and Black Friday and Cyber Monday shopping will occur mostly online as more retailers choose to close on Thanksgiving.

      “In-store will continue to have an important role,” Rosenblum says. “A lot of people have quarantine fatigue and are excited to get back to stores, and there are some categories where it’s really important to touch and feel products.”

      Those who still feel the need to shop in person: Ensure retailers take health and safety precautions seriously. Before going to the store, Vincent advises visiting the retailer’s website, going to the store locator page, and selecting their local store location. There should be information on that page that lists the steps the retailer is taking to make their stores safe to shop in.

      Next, when you visit the store, look for signage at the entrance that indicates that social distancing and mask-wearing are mandatory. If you don’t see those signs and there are customers without masks, avoid the store. Any time you see unsafe practices, the best thing to do is simply leave and stick to stores that respect their customers’ health.

      Support Small Businesses 

      Mom-and-pop shops have been hit especially hard this year, with many of them forced to permanently shutter their doors. That’s why it’s crucial to support small businesses as much as you can during the holiday season.

      “Small businesses have to follow the same restrictions as larger retailers, which limit the amount of shoppers they can have in the store at once,” Vincent says. “To safely support your local small business, see if they have a website where you can place an order online or by phone. This will help them limit their in-store traffic so that other shoppers can shop in their stores. Finally, do not expect small businesses to match the extremely low prices you will find at a major online retailer. However, even if you have to pay a little more, it’s good to know that a local small business is benefiting from your sale.”

      You’re Cordially Invited

      Join DreamHost’s Facebook group to connect with like-minded website owners and get advice from peers and experts alike!

      Are You Ready for the Black Friday and Cyber Monday Deals?

      While 2020 may have been a dumpster fire wrapped in a trainwreck, Cyber Week should deliver some solid discounts (along with much needed holiday cheer).

      Whether you decide to shop sales in-person or stick to online-only deals, taking the time to budget, create a wish list, and price check before you shop can help you get the most bang for your buck this holiday season. And no matter the time of year, it’s always important to practice online safety.

      So tell us: Do you have any holiday sales hacks? Follow DreamHost on Twitter or Facebook and share your best tips for saving big on Thanksgiving weekend.

      Above all, have fun, stay safe, and happy shopping!





      Source link

      Cyber Threats Don’t Shut Down for COVID-19


      Today we are pleased to welcome guest blogger Tony Bradley, Senior Manager of Content Marketing for Alert Logic, INAP’s trusted managed security partner and expert in cloud security for financial services customers.
      – Wendy Williams, Product Manager, INAP

      Thanks to the COVID-19 pandemic, we are living in a different world now than the one we had at the beginning of 2020. Everything has changed in terms of how businesses communicate and operate, but some things haven’t changed. In spite of the dramatic shift in the world in general, it is still business as usual for cyber attacks and cybersecurity.

      Everything Has Changed for Companies

      Companies of all sizes and across all industries have been forced to find ways to remain productive and keep the business going while suddenly working with an entirely remote workforce.

      What does that mean from a cybersecurity perspective? It means that users who were previously sitting in an office using company-issued computers connected to a company-managed network are now getting their work done on a random collection of personal and business devices connected to the public internet over their home Wi-Fi networks. The complexity of the environment has skyrocketed, and the exposed attack surface has expanded exponentially.

      Cyber Attacks Are on the Rise

      As challenging as things have been this year for businesses and individuals, the reality is that cyber attackers don’t care about the COVID-19 pandemic, or whether you’re quarantined or not. On the contrary, the chaos and confusion of the sudden shift to working remote and the expansion of the attack surface represent a major opportunity for attackers to exploit.

      Most users are more exposed on their home networks and lack the filters and security controls that exist on a corporate network. The unprecedented situation we are facing has changed standard processes and methods of communication, making it more difficult to determine what is legitimate and what seems suspicious. Employees are also anxious for information and more likely to click on links or open attachments they shouldn’t. As a result, attackers have ramped up phishing, ransomware and business email compromising attacks.

      The Need for Visibility and Vigilance

      It is more important than ever for organizations to have visibility of all endpoints and all activity. That means increasing visibility to encompass the dramatically expanded attack surface, including personal endpoints connected to remote networks. Increased focus on suspicious activity on cloud platforms and cloud-based SaaS (software-as-a-service) applications is also necessary.

      It’s also critical to understand that attackers don’t have business hours. Not only is it always the middle of the day somewhere on the planet, but many attacks—at least the initial exploit that gets attackers through the door—are automated and run around the clock. Organizations need to be vigilant, and that means having security experts monitoring endpoints and activity 24/7 to identify and respond to suspicious or malicious activity.

      Value of MDR

      Businesses have enough to worry about, and very few have the tools or people necessary for effective cybersecurity. This is especially true given the COVID-19 pandemic and expanded attack surface of users connecting from personal devices and home networks. The best strategy is to stay focused on the core strengths of the company and satisfying customers, while engaging with a trusted partner to provide the cybersecurity visibility and vigilance you need.

      Working with a managed detection and response (MDR) provider enables an organization to get the protection and peace of mind they need. INAP and Alert Logic have a strong partnership and provide deep, focused cybersecurity expertise to keep your networks and data safe and give you confidence in your cybersecurity even during these unprecedented times.

      Tony Bradley

      About the Author

      Tony Bradley is Senior Manager of Content Marketing for Alert Logic. Tony worked in the trenches as a network administrator and security consultant before shifting to the marketing and writing side of things. He is an 11-time Microsoft MVP in security and cloud and has been a CISSP-ISSAP since 2002. Tony has authored or co-authored a dozen books on IT and IT security topics, and is a prolific contributor to online media sites such as Forbes and DevOps.com.

      Wendy Williams
      • Product Manager, Private Cloud and Security Services


      READ MORE



      Source link