Griffeye releases new AI technology trained to aid child abuse investigations

Griffeye, one of the world’s platforms for managing, building and sharing digital media, and used by law enforcement agencies across the world, has announced the release of new AI technology that will help investigators filter out relevant information, speed up investigations and free up time to prioritize investigative work such as victim identification. The technology has been trained on child sexual abuse material at Taskforce Argos, Queensland Police in Australia.

AI technology opens up whole new possibilities for investigators. One of the big challenges that law enforcement faces today is the large volume of data, often millions of files, that investigators have to deal with. Finding the clues needed to identify and rescue children is often like looking for a needle in a haystack, and information is often found too late, or not at all. Manual classification also puts investigators under a lot of mental strain and results in increased investigation times.

“Technology can help solve some of those problems and our hope is that the AI technology produced in the Griffeye Brain programme will provide important relief to strained investigators,” said Johann Hofmann, Director and Head of Griffeye. “Instead of getting bogged down in trying to manually go through the data, it will help them prioritize and free up time to spend time on analysis and solving crime.”

The AI scans through previously unseen footage and suggests images that it believes depict child sexual abuse content. The AI outputs a score that can be used to tell whether a file is pertinent to the investigation or not.

“These first tests show very promising results. They show that AI performs well in some of the toughest applications and that it has great potential,” said Hofmann. “However, the results from the AI technology don’t by any means take the human investigator out of the loop. Instead it aids the investigator in making qualified assessments. What it does do is automatically group and filter material and it helps investigators prioritize.”

“The next step is to see how the technology works in different settings,” Hofmann continued. “We know it works on live data managed within Taskforce Argos’ database in Queensland, Australia, but we still need to find out how it works on data in other countries that is possibly classified based on other jurisdictions. We hope to work with our users to continue to develop the technology and improve it even further.”

The version released is the first beta version, which will be further developed and fine-tuned in several stages during 2018. The Griffeye AI program, called Griffeye Brain, aims to innovate how AI is applied to law enforcement work processes. The CSA classifier is the first outcome of the programme.

The Griffeye Brain CSA classifier has been trained on real CSA case data at Taskforce Argos, Queensland Police in Australia. Training the algorithm on real data is necessary for it to work and it is absolutely crucial how the training is conducted and what data it is being trained on.

“The performance of the AI algorithm is directly related to the quality of the data that it is trained on,” said Hofmann. “Taskforce Argos’ database is one of the best, quality assured databases in the world.”



Fortinet Threat Landscape Report Reveals an Evolution of Malware to Exploit Cryptocurrencies

Phil Quade, chief information security officer, Fortinet

“We face a troubling convergence of trends across the cybersecurity landscape. Malicious cyber actors are demonstrating their efficiency and agility by exploiting the expanding digital attack surface, taking advantage of newly announced zero-day threats, and maximizing the accessibility of malware for bad. In addition, IT and OT teams often don’t have the resources necessary to keep systems appropriately hardened or protected. Luckily, implementing a security fabric which prioritizes speed, integration, advanced analytics, and risk-based decision making can enable comprehensive protection at machine speed and scale.”

Fortinet® (NASDAQ: FTNT) has announced the findings of its latest Global Threat Landscape Report. Its research reveals cybercriminals are evolving their attack methods to increase their success rates and speed infections. While ransomware continues to impact organizations in destructive ways, there are indications that some cybercriminals now prefer hijacking systems and using them for cryptomining rather than holding them for ransom. For a detailed view of the findings and some important takeaways for CISOs read the blog. Highlights of the report follow:

Cybercrime Attack Methods Evolve to Ensure Success at Speed and Scale

Data indicates that cybercriminals are getting better and more sophisticated in their use of malware and leveraging newly announced zero-day vulnerabilities to attack at speed and scale. While the number of exploit detections per firm dropped by 13% in Q1 of 2018, the number of unique exploit detections grew by over 11%, while 73% of companies experienced a severe exploit.

  • Spike in Cryptojacking: Malware is evolving and becoming more difficult to prevent and detect. The prevalence of cryptomining malware more than doubled from quarter to quarter from 13% to 28%. Additionally, cryptojacking was quite prevalent in the Middle East, Latin America, and Africa. Cryptomining malware is also showing incredible diversity for such a relatively new threat. Cybercriminals are creating stealthier file-less malware to inject infected code into browsers with less detection. Miners are targeting multiple operating systems as well as different cryptocurrencies, including Bitcoin and Monero. They are also fine-tuning and adopting delivery and propagation techniques from other threats based on what was successful or unsuccessful to improve future success rates.
  • Targeted Attacks for Maximum Impact: The impact of destructive malware remains high, particularly as criminals combine it with designer attacks. For these types of more targeted attacks, criminals conduct significant reconnaissance on an organization before launching an attack, which helps them to increase success rates. Afterwards, once they permeate the network, attackers move laterally across the network before triggering the most destructive part of their planned attack. The Olympic Destroyer malware and the more recent SamSam ransomware are examples where cybercriminals combined a designer attack with a destructive payload for maximum impact.
  • Ransomware Continues to Disrupt: The growth in both the volume and sophistication of ransomware continues to be a significant security challenge for organizations. Ransomware continues to evolve, leveraging new delivery channels such as social engineering, and new techniques such as multi-stage attacks to evade detection and infect systems. GandCrab ransomware emerged in January with the distinction of being the first ransomware to require Dash cryptocurrency as a payment. BlackRuby and SamSam were two other ransomware variants that emerged as major threats during the first quarter of 2018.
  • Multiple Attack Vectors: Although the side channel attacks dubbed Meltdown and Spectre dominated the news headlines during the quarter, some of the top attacks targeted mobile devices or known exploits on router, web or Internet technologies. 21% of organizations reported mobile malware, up 7%, demonstrating that IoT devices continue to be targeted. Cybercriminals also continue to recognize the value of exploiting known vulnerabilities that haven’t been patched as well as recently discovered zero-days for increased opportunity. Microsoft continued to be the number one target for exploits, and routers took the number two spot in total attack volume. Content Management Systems (CMS) and web oriented technologies were also heavily targeted.
  • Cyber Hygiene – More Than Just Patching: Measuring how long botnet infections persist based on the number of consecutive days in which continued communications are detected reveals that hygiene involves more than just patching. It is also about cleanup. Data showed that 58.5% of botnet infections are detected and cleaned up the same day. 17.6% of botnets persist for two days in a row and 7.3% last three days. About 5% persist for more than a week. As an example, the Andromeda botnet was taken down in Q4 2017 but data from Q1 found it showing prominently in both volume and prevalence.
  • Attacks Against Operational Technology (OT): While OT attacks are a smaller percentage of the overall attack landscape, the trends are concerning. This sector is increasingly becoming connected to the Internet, with serious potential ramifications for security. Currently, the vast majority of exploit activity is directed against the two most common industrial communication protocols because they are widely deployed and therefore highly targeted. Data shows that ICS exploit attempts appear to be somewhat more prevalent in Asia than in other regions.

Fighting Evolving Cybercrime Requires Integrated Security

The threat data in this quarter’s report reinforces many of the prediction trends unveiled by the Fortinet FortiGuard Labs global research team for 2018, demonstrating that the best defense against intelligent and automated threats is an integrated, broad, and automated security fabric. A highly aware and proactive security defense system is needed to keep pace with the next generation of automated and AI-based attacks.

Report Methodology

The Fortinet Global Threat Landscape Report is a quarterly view that represents the collective intelligence of FortiGuard Labs drawn from Fortinet’s vast array of sensors during Q1 2018. Research data covers global, regional, industry sector, and organizational perspectives. It focuses on three central and complementary aspects of that landscape, namely application exploits, malicious software, and botnets. It also examines important zero-day vulnerabilities. To complement the report, Fortinet publishes a free, subscription-based Threat Intelligence Brief that reviews the top malware, virus, and web-based threats discovered every week, along with links to valuable FortiGuard Labs threat research.



New algorithm uses AI to vastly improve voice assistants

Yobe Inc, an industry pioneer in artificial intelligence-powered signal processing solutions, has announced that it has secured $1.8M in seed funding from Clique Capital Partners, a $100M fund for investing in transformative voice technologies. The capital will be used to accelerate the commercialization of Yobe’s intelligent voice biometrics technology as they prepare for product launch this summer. The round follows a $990K round of angel funding and the 2016 receipt of a National Science Foundation SBIR grant to fund innovative research to solve the “Cocktail Party Problem.”

Yobe uses artificial intelligence to identify a signal’s DNA – biometrics in the case of voice – to accurately identify, track, isolate and separate voices of interest from other voices in extremely noisy environments, redefining the effectiveness of traditional voice authentication and speech recognition solutions. The technology allows device manufacturers to augment their products with vastly improved far-field speaker and speech recognition, superior voice UI and voice search, speech analytics and speech-to-text transcription, chatbots and conversational interactions.

“It’s become clear that voice is the future interface across a wide range of industries, technologies and applications,” said James Kenefick, General Partner at Clique Capital Partners. “We selected Yobe as one of our first investments because we believe that it will serve as the core underlying technology for the applications and hardware that shape the future, from smart homes and cars to security and surveillance.”

Yobe provides a number of major improvements over existing voice technologies including the ability to:

  • Separate and enhance voices in the far field, even in the presence of near field voices and noise
  • Improve the auditory scene by 20 decibels, exponentially improving the signal to noise ratio. Voices as low as a whisper can be effectively separated from background noise and enhanced for analysis
  • Track and support multi-user commands and profiles simultaneously, based on each speaker’s unique biometric signature
  • Embed software on smartphones and other low-power platforms for on device computations without the need for external power
  • Proprietary enhancement technology that increases sound quality while decreasing packet sizes from between 30% to 50% of its original size, addressing storage and download constraints

Boston-based Yobe was founded by President and CEO Ken Sutton, a serial entrepreneur with over 20 years of finance and business management experience, and Chief Scientist Dr. S. Hamid Nawab, an MIT PhD and internationally renowned researcher focused on applying AI to signal processing.

“This round of funding is coming at a pivotal time in the evolution of voice and speech technologies. The timing for us to come to market could not be better, as our technology is positioned to be transformative for voice interface platforms that need security and accuracy to operate in the real world,” said Sutton. “We’ve solved one of the most persistent problems in signal processing and were an obvious fit for an investor in innovative voice technologies like Clique.”

“Through persistent research and development, we believe we’ve arrived at a point where what was once a science fiction technology is now a practical reality,” said Nawab. “The ability to consistently and reliably separate important signals from noise is not just a groundbreaking development in and of itself, but will lead to the creation of voice user interfaces that power the technology of the future.”



GDPR: Is time running out?

The General Data Protection Regulation (GDPR) will overhaul how organisations store, secure and manage their customers’ data. EU citizens will have extended rights that include the right to know what information is held about them, the right for that data to be removed, the right to data portability, and the right to be informed if there is a data breach. This data is known as PII (Personally Identifiable Information).

Alongside that, the Network and Information Systems (NIS) directive applies to operators of essential services, such as water, energy, transport and health providers and is aimed at ensuring they safeguard data against cyber-attacks. Like GDPR, the penalties for non-compliance are extremely high.

Yet according to research published this year by the Department for Digital, Culture, Media and Sport (DCMS), only 38 percent of UK businesses said they had heard of GDPR, and among those that are aware of it, only a little more than a quarter have made any changes in readiness for the new regulations. However, it’s not too late to do something. The authorities know compliance is an ongoing process, and want to see organisations showing willingness to comply.

Understanding the data assets your organisation collects, holds and processes is the essential step in the planning stages to GDPR readiness. Once you have identified all the data types and sources you hold, you need to understand where it is stored and who can access it. Printed copies should be securely stored, with regular reviews to ensure the copies are still required. If not, securely destroy them.

Electronic storage within a structured database should be relatively easy to recognise, maintain and protect. The larger problem is unstructured data and knowing where PII, or personally sensitive information, is stored. Data discovery tools can search all mappable drives to find sensitive files (.docx, .xlsx, .pdf, etc.) that may contain the data that you are searching for: e-mail addresses, phone numbers, credit card details, National Insurance numbers, etc.

Once you know where your unstructured sensitive files are stored, move them to a central repository where you can control access. Set up processes and procedures to be able to respond in a timely fashion to Data Subject Access Requests (DSARs). Finding a citizen within your paper records will require a physical search. Finding a citizen within your CRM or other database should be possible from within the application. The same tool that helped your organisation find sensitive files ought to be able to discover specific subjects within unstructured data, allowing the organisation to respond to DSARs within the 30 days prescribed.
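The discovery and DSAR lookup steps described in the two paragraphs above can be sketched as follows. This is an added example, not code from any product mentioned here. It assumes text has already been extracted from the .docx/.xlsx/.pdf files, uses UK formats for phone and National Insurance numbers, and the file names, sample contents and function names are constructed for illustration.

```python
import re

# Patterns for the data types the article lists (UK formats are an assumption).
PATTERNS = {
    "email": re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b"),
    "phone": re.compile(r"(?<!\d)(?:\+44 ?|0)7\d{3} ?\d{6}(?!\d)"),  # UK mobile
    "card": re.compile(r"\b(?:\d[ -]?){12,18}\d\b"),  # 13-19 digits, Luhn-checked
    # National Insurance number: restricted prefix letters, 6 digits, suffix A-D
    "nino": re.compile(r"\b(?!BG|GB|KN|NK|NT|TN|ZZ)[A-CEGHJ-PR-TW-Z]"
                       r"[A-CEGHJ-NPR-TW-Z] ?\d{2} ?\d{2} ?\d{2} ?[A-D]\b"),
}

def luhn_ok(digits):
    """Luhn checksum: filters out order ids and other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan_text(text):
    """Return (kind, value) pairs for every PII candidate found in text."""
    hits = []
    for kind, rx in PATTERNS.items():
        for m in rx.finditer(text):
            if kind == "card" and not luhn_ok(re.sub(r"\D", "", m.group())):
                continue
            hits.append((kind, m.group()))
    return hits

def mask(value):
    """Keep only the last four characters so the report is not itself a PII store."""
    return "*" * (len(value) - 4) + value[-4:]

def discover(docs):
    """Map each file that contains PII to the sorted list of PII kinds found."""
    report = {}
    for path, text in docs.items():
        kinds = sorted({kind for kind, _ in scan_text(text)})
        if kinds:
            report[path] = kinds
    return report

def find_subject(docs, identifiers):
    """DSAR lookup: files mentioning any identifier, ignoring case and spacing."""
    norm = lambda s: re.sub(r"[\s-]+", "", s).lower()
    wanted = [norm(i) for i in identifiers]
    return sorted(p for p, t in docs.items() if any(w in norm(t) for w in wanted))

# Constructed sample data: extracted text keyed by (hypothetical) file path.
DOCS = {
    "finance/refunds.xlsx": "Refund to card 4111 1111 1111 1111 for j.smith@example.com",
    "hr/starters.docx": "Jane Smith, NI number AB 12 34 56 C, mobile 07700 900123",
    "notes/order-ids.pdf": "Order 4111 1111 1111 1112 shipped; no customer data",
}

if __name__ == "__main__":
    for path, text in DOCS.items():
        for kind, value in scan_text(text):
            print(path, kind, mask(value))
    print(find_subject(DOCS, ["J.Smith@example.com", "AB123456C"]))
```

The third file is not flagged because its 16-digit number fails the Luhn check, which is how a scanner of this kind keeps reference numbers from swamping the results.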




GDPR Downfall: 45% of employees have accidentally shared key information in emails to unintended recipients

New research by data security company, Clearswift, has shown that 45% of employees have mistakenly shared emails containing key data with unintended recipients, including personal information (15%), bank details (9%), attachments (13%) and other confidential text (8%).

The research, which surveyed 600 senior business decision makers and 1,200 employees across the UK, US, Germany and Australia, also found that employees regularly receive these unintentional emails, as well as being guilty of sending them, highlighting an inbound and outbound opportunity for data leakages. 27% of employees claim to have received emails containing personal information in error from people outside of their company, with 26% also admitting to receiving attachments in error and 12% saying they had wrongly received personal bank details.

“With GDPR, the new tenet of shared responsibility makes the problem of receiving and sharing unauthorised information a serious issue. Email communication is a real pitfall for organisations trying to comply with the regulation,” said Dr Guy Bunker, SVP Products at Clearswift.

“Stray bank details and ‘hidden’ information in attachments, spreadsheets or reports can create a serious data loss risk. The occasional email going awry may seem innocuous, but when multiplied by the amount of employees within a business, the risk becomes more severe and could lead to a firm falling foul of the new GDPR penalties; up to 4% of global turnover, or even those in place already, such as The Payment Card Industry Data Security Standard. If contravened this can lead to a firm having the ability to process data removed, which could see some businesses grind to a halt.”

The research also found that upon receiving a misplaced email, 31% of employees said that they would read the email, with 12% even admitting they would scroll through to read the entire email chain. 45% of employees did say that they would alert the sender to their mistake, giving them the opportunity to take some action; however, a lowly 27% said they would delete the email from their inboxes and deleted items, leaving an element of uncertainty.

Less than half (45%) of employees were familiar with the agreed process or course of action to take upon receiving an email from someone in another company where they were not the intended recipient, and 22% admitted there was no formal process in place whatsoever in their organisation for such situations.

Bunker added, “To offset the inevitable risk associated with email communications, companies need a clear strategy, which encompasses people, processes and technology.”

“Instilling the values of being a ‘good data citizen’ can engender a sense of data consciousness in the workplace, ensuring that employees are aware of responsible disclosure, and with whom this responsibility sits upon receiving an email in error. However, a formally agreed process or course of action is also a must. There is not a silver bullet and technology can once again offer assurances to help mitigate risks. Adaptive Data Loss Prevention (DLP) technologies can automate the detection and protection of critical information contained in emails and attachments, removing only the information which breaks policy and leaving the rest to continue on to its destination.”