
  • Gretel goes GA with privacy engineering developer stack

    If you don’t know what comprises synthetic data, well, don’t worry; you have plenty of company. Synthetic data is information that’s artificially manufactured by machines rather than generated by real-world events. Synthetic data is created algorithmically and is used as a stand-in for test datasets of production or operational data to validate mathematical models and, increasingly, to train machine-learning models. This substitutional data helps preserve privacy in personal information and can save IT systems a great deal of time, trouble, and money in the process.

    When machine-learning models are being created, the data has to be pure; if there are errors, duplications, or other hiccups in real data in building such models, problems inevitably will surface, costing time and money for the company. With more and more artificial intelligence and machine-learning models being used in various use cases, the need for synthetic data is rapidly growing. Analysts have projected that more synthetic than original data will be used to build ML models by the end of the decade.

    There are companies focusing on the commercial business use of synthetic data, and one of the first is Gretel, based in San Diego, Calif. The 2-year-old startup on Feb. 1 announced the general availability of its privacy engineering toolkit containing APIs and services that enable users to classify, transform and generate high-quality synthetic data. Combined, these capabilities remove privacy bottlenecks for numerous development and workflow processes that prevent data sharing and stifle innovation, CEO Ali Golshan told ZDNet.

    “We’ve built a privacy toolkit that’s accessible to all developers and scalable to any enterprise-ready project,” Golshan said. “With Gretel, anyone can classify, anonymize, and synthesize data that’s privacy-proven and highly accurate in just a few clicks. Our advanced privacy guarantees also give users complete control to adjust data privacy levels, based on their project needs, and guard synthetic data against adversarial attacks.”

    Golshan said the company has tested its products in an open beta program for more than a year. It has incorporated improvements to its toolkit based on feedback from more than 60 enterprise engagements, a community of thousands of users, and open-source users who have downloaded the SDK more than 70,000 times, the company said.

    Gretel has been working with organizations over several vertical industries, Golshan said, including health care, life sciences, finance, and gaming. Some of their recent work includes creating synthetic genomic data and synthetic time-series banking data. Interest in Gretel’s privacy engineering tools is supported by analysts’ forecasts that by 2030, synthetic data will completely overshadow real data in AI models, Golshan said.

    “Today, working with data is hard. Gretel is making it easier. By building flexible, secure, and easy to deploy tools to support data-driven developers, Gretel will open a world of progress across industries,” said Max Wessel, Executive Vice President & Chief Learning Officer at SAP.

    Advanced Privacy Engineering Made Accessible

    Gretel’s all-in-one privacy stack is comprised of engineering tools that:

      • create highly accurate, privacy-proven synthetic data;
      • seed pre-production systems with safe, statistically accurate datasets;
      • identify and remove sensitive data to reduce PII-related risks;
      • augment and de-bias datasets to train ML/AI models fairly; and
      • anonymize sensitive data in real time, for data at scale.

    Gretel is also previewing an AWS S3 storage connector for its toolkit. Gretel’s services can be accessed through its SaaS cloud offering or CLI for local environments.

  • Prosecutors investigating cyberattacks affecting multiple Belgian and Dutch ports

    Multiple ports in Belgium and the Netherlands are reporting issues after a cyberattack affecting IT services was announced. Terminals operated by SEA-Tank, Oiltanking, and Evos in Antwerp, Ghent, Amsterdam, and Terneuzen are all dealing with issues related to their operational systems, according to France24.

    A spokesperson from Evos told ZDNet that they are continuing to operate their terminals but are having some delays after the attack.

    “There is a disruption of IT services at our terminals in Terneuzen, Ghent, and Malta, which is causing some delays in execution. All operations continue to take place in a safe manner,” the spokesperson said. Prosecutors in Antwerp have opened an investigation into the cyberattacks and told the Associated Press that the Federal Computer Crime Unit is looking into the issue. Companies reported having difficulties unloading barges because their software had been “hijacked,” making it difficult to process each one. The incidents come days after oil companies Oiltanking and Mabanaft, both owned by German logistics conglomerate Marquard & Bahls Group, suffered a cyberattack that crippled their loading and unloading systems. Oiltanking told ZDNet in a statement yesterday that its terminals are operating with limited capacity and that they “have declared force majeure.” On Tuesday, Royal Dutch Shell said it was forced to reroute to different supply depots because of the issue. German newspaper Handelsblatt said 233 gas stations across Germany now have to run some processes manually because of the attack.

    An internal report from the German Federal Office for Information Security (BSI) said the BlackCat ransomware group was behind the attack on Oiltanking. Emsisoft threat analyst Brett Callow noted that it is likely BlackCat is a rebrand of BlackMatter, which was itself a rebrand of DarkSide, the group behind the ransomware attack on Colonial Pipeline in May 2021. 

    Billion-dollar German logistics firm Hellmann Worldwide Logistics was also hit with ransomware in December.

    Andy Norton, cyber risk officer at Armis, said that for decades, ICS cybersecurity simply didn’t exist because it didn’t need to. Operational technology and information technology, he explained, were separate domains with separate systems that didn’t connect to each other, and legacy industrial devices didn’t connect independently to the internet or to each other.

    “This disconnection — the so-called ‘air gap’ — was thought to be all the security that OT systems needed, aside from physical access control. Now, though, IT/OT integration is becoming the norm. Connected devices stream data, monitor equipment and processes, and support line automation and other Industry 4.0 functions, so the air gap is no longer a reliable method of OT security,” Norton said.

    “As OT and IT continue to merge, cybersecurity requirements now apply to ICS just as much as to corporate networks, but many organizations struggle to find the right approach to protect their operational technology,” Norton added. “Facilities that can’t operate securely are at risk of going offline at any moment. A ransomware attack on an ICS facility can halt operations and leak operational and corporate data to the dark web - or destroy that data altogether.”

  • Intel expands Bug Bounty program with 'Project Circuit Breaker' effort

    Intel announced the expansion of its Bug Bounty program this week, explaining in a statement that it plans to create a new effort called “Project Circuit Breaker.” The project will bring in an “elite” group of hackers to search for vulnerabilities in Intel’s firmware, hypervisors, GPUs, chipsets, and more. According to Intel, the program will involve “targeted time-boxed events on specific new platforms and technologies, providing training and creating opportunities for more hands-on collaboration with Intel engineers.”

    The first Project Circuit Breaker event, “Camping with Tigers,” started in December and includes 20 researchers who received systems with Intel Core i7 processors. The event will end in May, and Intel said bounty multipliers are being offered at three milestones for eligible vulnerabilities.

    Katie Noble, director of Intel’s Product Security Incident Response Team (PSIRT) and Bug Bounty, said the new program was possible due to the company’s “cutting-edge research community.”

    “This program is part of our effort to meet security researchers where they are and create more meaningful engagement,” Noble said. “We invest in and host bug bounty programs because they attract new perspectives on how to challenge emerging security threats — and Project Circuit Breaker is the next step in collaborating with researchers to strengthen the industry’s security assurance practices, especially when it comes to hardware.”

    Tom Garrison, vice president and general manager of client security strategy & initiatives at Intel, added, “As we aim to develop the most comprehensive security features, we also realize the incredible value of deeper collaborations with the community to identify potential vulnerabilities and mitigate them for the ongoing improvement of our products.”

    Intel has run its Bug Bounty Program since 2018. Intel explained that 97 of 113 externally found vulnerabilities were reported through Intel’s Bug Bounty program in 2021. The company’s security experts are also part of both the Bug Bounty Community of Interest and Forum of Incident Response and Security Teams.

    The announcement comes days after Cloudflare announced its own paid public bug bounty program hosted on HackerOne’s platform.

  • Cybersecurity: Many managers just don't want to understand the risks

    Senior managers are putting businesses at risk of cyberattacks and data breaches because they don’t understand cybersecurity issues and, in some cases, don’t even want to learn about the dangers.

    According to research by cybersecurity company Trend Micro, just half of IT decision makers believe that the board understands cyber risks. Of the 5,321 IT leaders surveyed, 90% said that the C-suite aren’t focused on cybersecurity because they have other priorities, such as digital transformation or improving productivity. As a result, they see cybersecurity as a barrier to reaching their preferred goals.

    However, there’s also a significant minority of board members who actively aren’t trying to learn about cybersecurity. According to the research, 26% don’t try hard enough to learn about cyber risks, while 20% just don’t want to understand the cyber risks their organisation is facing.

    This lack of understanding is causing tension between information security teams and the boardroom, to such an extent that 82% of IT decision makers say they have felt pressured to downplay the severity of cyber risks to their board. Nearly a third of these individuals say this is a constant pressure, indicating that many boardrooms would prefer to bury their heads in the sand instead of tackling cybersecurity problems.

    Almost two-thirds (62%) said that the board would only sit up and take notice of cyber risks if the organisation suffered an attack or data breach, while 61% said they’d be forced to take notice if customers demanded enhanced security – suggesting that the risk of losing business because of perceptions of poor security could finally make executives take note.

    But even when boardrooms and executives are concerned about cyberattacks, and are engaging with cybersecurity leaders about issues, detailing risks and how to manage them can still prove to be tricky, especially if execs are starting out with little technical understanding of the issues. It’s therefore vital that information security teams break things down for executives, regularly explaining the issues – and, crucially, in ways that senior managers are able to understand.

    “More executives than ever understand that they have a responsibility to be informed, but they often feel overwhelmed by how rapidly the cybersecurity landscape evolves,” said Eva Chen, CEO of Trend Micro. “IT leaders need to communicate with their board in such a way that they can understand where the organization’s risk is and how they can best manage it,” she added.

    Steps that can be taken to help this process along include formalising cybersecurity with documentation and metrics, and encouraging business risk discussions around the issues. It’s also recommended that the CISO should report directly to the CEO in order to directly expose them to cybersecurity issues, therefore helping to drive discussions around cybersecurity.

  • Microsoft: This Mac malware is getting smarter and more dangerous

    Microsoft has detailed the evolution of a relatively new piece of Mac malware called UpdateAgent that started out stealing system information in late 2020 but has morphed into a tool for delivering adware and potentially other threats. One of UpdateAgent’s newest and most potent features is the ability to bypass Apple’s built-in Gatekeeper system that is meant to allow only trusted, signed apps to run on Macs. 

    Microsoft flagged the malware now as it appears to be under continuous development. Today, it installs an “unusually persistent” adware threat called Adload, but Microsoft cautions it could be used to distribute other more dangerous payloads in future. For example, Microsoft found its makers host additional payloads on Amazon Web Services’ S3 and CloudFront services.

    While it does require the victim to install an app masquerading as legitimate software, such as a video app or support agent promoted in ad pop-ups, the ability to bypass Gatekeeper controls is significant. It can also use existing user permissions to delete evidence of its presence on a system.

    Since its discovery between September and December 2020, when it was only an information stealer, the malware has undergone several upgrades to improve persistence, allowing it to remain on a system after users sign in to the affected device. By January 2021, it could fetch secondary payloads as .dmg files for macOS from public cloud providers. In March 2021, it was updated again to fetch compressed .zip files instead of .dmg files and tweaked to prevent Gatekeeper from displaying the pop-up warning to users that a file is from an “unidentified developer”. Then in August, it was improved with changes that allowed the malware to inject persistent code that ran as root in a background process that’s invisible to the user.

    “UpdateAgent is uniquely characterized by its gradual upgrading of persistence techniques, a key feature that indicates this trojan will likely continue to use more sophisticated techniques in future campaigns,” Microsoft says in a blogpost, cautioning it could follow the trajectory of malware common to Windows. “Like many information-stealers found on other platforms, the malware attempts to infiltrate macOS machines to steal data and it is associated with other types of malicious payloads, increasing the chances of multiple infections on a device.”

    UpdateAgent’s makers started distributing Adload as a secondary payload in October 2021 when Microsoft raised an alarm it was distributing malware through public cloud providers. Microsoft says it has coordinated with AWS to remove malicious links from its cloud services. Adload is capable of opening a backdoor to install other payloads.

    “Once adware is installed, it uses ad injection software and techniques to intercept a device’s online communications and redirect users’ traffic through the adware operators’ servers, injecting advertisements and promotions into webpages and search results,” Microsoft notes. “More specifically, Adload leverages a Person-in-The-Middle (PiTM) attack by installing a web proxy to hijack search engine results and inject advertisements into webpages, thereby siphoning ad revenue from official website holders to the adware operators.”

    Microsoft is interested in Mac malware because more enterprises support non-Windows devices on corporate networks. It is encouraging defenders to use its Edge browser on macOS since it supports Microsoft’s Defender SmartScreen for blocking malicious websites. Meanwhile, Microsoft’s Defender for Endpoint enterprise security platform can be used to detect UpdateAgent’s misuse of Apple’s PlistBuddy tool for managing PLIST (property list) attribute files for macOS applications.

  • Sam's Club betting its cleaning robots can do double duty

    [Image: Sam’s Club’s floor scrubbing robots. Credit: Brain Corp]

    Sam’s Club will soon be asking robots to do double duty. The membership warehouse club is undergoing a national, chain-wide rollout of an inventory scanning feature that will be added to existing floor scrubbing robots.

    The move suggests an interesting new chapter for Walmart Inc, owner of Sam’s Club. One of the biggest robotics stories of the last few years came when Walmart killed a 500 store deployment of shelf-scanning robots developed by automation firm Bossa Nova, which marked the end of the technology’s highest-profile test case to date. In the wake of the cancelled contract, developers of inventory scanning robots scrambled to differentiate their technology and prove that the fate of one company’s contract meant little to the technology’s long-term prospects.

    The latest rollout by Sam’s Club, which marks a return to autonomous inventory scanning by a Walmart brand, supports that thesis.

    “Sam’s Club is hyper-focused on making sure our members have a seamless shopping experience, so any time-saving innovation we can implement is significant. By adding Inventory Scan to our current fleet of robotic scrubbers, we obtain critical inventory data that previously was time-consuming to obtain,” said Todd Garner, VP of In-Club Product Management at Sam’s Club. “This intelligence allows us to proactively manage our clubs in an efficient manner. Inventory Scan assures items are available and easy to locate in the club, freeing up time for our associates to focus on members and the shopping experience they deserve.”

    This is a noteworthy deal for the robotics sector insofar as it’s a good illustration of what automation is going to look like “in the wild” in the coming years. Brain Corp, which has been quietly building an empire based around robotic scrubbing machines, isn’t glitzy by robotics development standards. However, the company’s AI-powered machines are massively popular amid ongoing labor shortages and pandemic-related shifts in how commercial spaces are utilized. While other companies are manufacturing standalone inventory scanning robots, Brain Corp has been building on its success over the past few years by diversifying the capabilities of its robots.

    The add-on scanning accessory will be fitted to the almost 600 autonomous floor scrubbers already deployed within Sam’s Club stores nationwide. These towers, powered by Brain Corp’s AI operating system, BrainOS, and manufactured by Tennant Company, will capture data as the robots move autonomously around the store. Reports are then delivered to the Sam’s Club managers and provide insights like verification of pricing accuracy, planogram compliance, product stock levels, and product localization. Each function negates the need for time-consuming and manual processes, reducing waste and inventory loss.

    “This latest iteration of our valued and longstanding partnership with Sam’s Club marks the beginning of realizing the next phase in our company’s vision,” said Dr. Eugene Izhikevich, CEO of Brain Corp. “We are actively taking BrainOS-powered robots from primarily task-oriented machines to in-store data acquisition platforms, able to deliver actionable insights on inventory availability, planogram compliance and more. This adds significant ROI for retailers.”

  • More than $8 million made from NFT wash trading: Chainalysis

    Blockchain analysis firm Chainalysis said 110 NFT wash traders have collectively made about $8.9 million in profit in 2021. The company defines “wash trading” as transactions where the seller is on both sides of the trade and attempts to paint a misleading picture of an asset’s value and liquidity.

    The finding was part of a larger report on wash trading and money laundering in the NFT industry. The research only captures trades made in Ethereum and Wrapped Ethereum, excluding a significant amount of wash trading activity. Chainalysis said they tracked a minimum $44.2 billion worth of cryptocurrency sent to NFT-related smart contracts last year, up from just $106 million in 2020. But alongside that large increase in legitimate NFT business, Chainalysis said it did find actors wash trading to artificially increase the value of NFTs and money laundering through the purchase of NFTs.

    “In the case of NFT wash trading, the goal would be to make one’s NFT appear more valuable than it really is by ‘selling it’ to a new wallet the original owner also controls. In theory, this would be relatively easy with NFTs, as many NFT trading platforms allow users to trade by simply connecting their wallet to the platform, with no need to identify themselves,” the researchers explained. “With blockchain analysis, however, we can track NFT wash trading by analyzing sales of NFTs to addresses that were self-financed, meaning they were funded either by the selling address or by the address that initially funded the selling address. Analysis of NFT sales to self-financed addresses shows that some NFT sellers have conducted hundreds of wash trades.”

    They found 262 users who have sold an NFT to a self-financed address more than 25 times, with over half losing money due to gas fees. The 110 traders who made a profit brought in a total of about $8.9 million in profit while the rest lost a total of $416,984. The report adds that the money made “is most likely derived from sales to unsuspecting buyers who believe the NFT they’re purchasing has been growing in value, sold from one distinct collector to another.”

    When it comes to money laundering, Chainalysis said value sent to NFT marketplaces by illicit addresses jumped significantly in the third quarter of 2021, crossing $1 million worth of cryptocurrency.

    “The figure grew again in the fourth quarter, topping out at just under $1.4 million. In both quarters, the vast majority of this activity came from scam-associated addresses sending funds to NFT marketplaces to make purchases. Both quarters also saw significant amounts of stolen funds sent to marketplaces as well,” the company said. “Perhaps most concerningly, in the fourth quarter, we saw roughly $284,000 worth of cryptocurrency sent to NFT marketplaces from addresses with sanctions risk. All of that was due to transfers from the P2P exchange Chatex, which was added to OFAC’s SDN list last year.”

    Kim Grauer, head of research at Chainalysis, told ZDNet that she hoped the report would demonstrate to those involved that wash trading NFTs isn’t a great strategy because it usually isn’t profitable and is traceable.

  • 3D printed guns, underground markets, bomb manuals: police crackdown continues

    Law enforcement continues to tackle information online considered to be dangerous, with bomb manuals the subject of a new operation. 

    As internet access shifted from a luxury made possible through dial-up to something akin to a human right in many countries, the web became a catalyst for new, innovative business models, e-commerce, new means of communication, and a critical channel for education – especially useful during COVID-19 stay-at-home orders. However, when it comes to education and e-commerce, law enforcement worldwide has taken different stances on what is considered allowable, and some topics, guides, and trading posts become the subjects of investigations and, in some cases, seizures or takedowns.

    Underground marketplaces, including AlphaBay, Silk Road, DarkMarket, and more recently, CanadianHQ have been shut down by the police. These platforms were used to sell everything from narcotics to weapons and malware.

    The debate surrounding the free flow of information online came to a head years ago due to Defense Distributed, created by Cody Wilson. The founder’s website offered blueprints for 3D-printed guns in the public domain, allowing users to ‘print’ their own at home – but US court orders made under international gun trafficking laws were imposed to try and stop the distribution of the CAD files.

    Back in Europe, bomb manuals are now a hot topic for law enforcement. On February 1, Europol brought together agencies from France, Germany, Hungary, Italy, the Netherlands, Portugal, Spain, Switzerland and the UK under a “Referral Action Day” to wipe out dangerous content online.

    Specifically, Europol says that “content on explosive chemical precursors” – in other words, instruction manuals for the creation of explosives – was targeted under an anti-terrorism action. The agency says that this content was “being shared among terrorist supporting networks, including jihadist, right-wing and left-wing terrorist networks.”

    In total, 563 pieces of content on 106 websites were the subject of a referral for voluntary removal by online service providers. The files included manuals and tutorials on how to make bombs using precursors as well as instructions on “how to prepare and carry out terrorist attacks,” Europol claims.

    The content may become a subject of the European platform for takedown of illegal content online/Plateforme Européenne de Retraits de Contenus illegaux sur Internet (PERCI) project, a platform in Europol’s roadmap that could eventually shift takedowns from a voluntary state to one that is forced – and potentially as soon as in the coming months, thereby increasing the power of law enforcement to tackle online content.

    “This platform is a technical solution built by Europol and managed by the EU IRU to facilitate the implementation of the new regulation,” Europol says. “Before this, the process to take down terrorist content online was entirely voluntary on the part of the tech companies.”