By Marianne Bermejo, Malware Researcher, VIPRE Security Group 

Researchers find that “hunter-killer” malware is on the rise, with cybersecurity professionals claiming that the majority of malware now employ stealth-oriented techniques. 

This “stealthy” malware is essentially malicious software designed to evade detection while performing harmful activities on a system or network. It has evolved through advanced techniques like code obfuscation, polymorphism, and leveraging rootkits to remain undetected. This evolution reflects a cat-and-mouse game between cybercriminals and security professionals, where malware continuously adapts to bypass increasingly sophisticated detection mechanisms, demonstrating the dynamic and ever-challenging cybersecurity landscape.

How stealthy malware works  

Stealthy malware is best illustrated by a recent, real-world example of TA577, a ransomware threat actor that silently distributes malware loaders such as Qakbot and Pikabot. Malicious hackers use TA577 for ‘Email Thread Hijacking’, a technique to take control and manipulate systems for malicious purposes.

The hackers make deceptive emails and appear as replies to previous legitimate conversations. Hackers use real, legitimate conservations impersonating a senior executive, making it difficult for people to know that their email conversation has turned malicious. “I forwarded the paperwork to you yesterday, could you access it? or “I approved the payment to XXX, has the transfer been executed?”. It’s a cunning technique to take advantage of how people think or act in their job roles.

These emails contain zipped HTML attachments or links. When opened, the malware infects recipients’ computers or steals their personal information. By hijacking a thread, attackers can execute arbitrary code, allowing them to evade detection and carry out their malicious activities discreetly. They gain unauthorised access to sensitive data within the victims’ system such as username, IP address, computer name, and domain name. Manipulating credential theft at the server level, they gain access to the organisation’s sensitive information, potentially compromising entire IT systems and infrastructure.

Recent real-world examples

The financial sector is a top target of cybercriminals for state-sponsored cyberespionage as well as for not only for monetary gain. The digital financial sector environment alongside the open-source software supply chain landscape is making financial operations highly penetrable.

Recently, cybercriminals unleashed a phishing campaign targeting financial institutions in the Middle East, Africa, the South and Southeast Asia – and Visa customers. The threat actors deployed the JsOutProx malware to potentially conduct fraudulent activity. Likewise not long ago, criminals used an almost impossible-to-detect Linux malware to target the Latin American financial sector with the sole aim of capturing credentials and enabling backdoor access to victims’ machines.

This category of stealthy malware swiftly develops and deploys new techniques. So, hackers continuously refine and experiment with new delivery approaches. For example, threat actors are sneakily using Android banking trojans to automate the theft of online funds from everyday users.

What can financial organisations do?

As attackers continuously refine their tactics, organisations need to remain vigilant and proactively implement robust security measures to defend against such threats.

To mitigate such attacks, check for typos or grammatical errors in the emails received. Sometimes hackers deliberately include language errors in emails to evade email filters. By intentionally distorting common words or phrases, attackers heighten the likelihood of their emails bypassing traditional security measures and successfully infiltrating recipients’ inboxes, thus increasing the efficacy of their malicious campaign.

Exercise caution by verifying the legitimacy of any unfamiliar source before clicking on links or downloading attachments, as a single lapse in judgment could compromise device security and lead to server-level breaches. Be sceptical of urgent requests and unexpected emails too.

Maintain up-to-date antivirus software. Financial firms handle sensitive customer data and large sums of money, so remain prime targets for cyber-attacks and malware infections. Reputable antivirus solutions frequently release updates to address newly discovered threats, so financial organisations must ensure their software is regularly updated to close security vulnerabilities.  Up-to-date antivirus software is crucial for detecting and neutralising the latest viruses, trojans, and other malicious code that infiltrate systems and compromise sensitive information or even disrupt operations. Without robust antivirus protection, a single infected device on the network can act as an entry point for attackers.

Adopt measures to block outbound SMB (Server Message Block) traffic as a preventive measure against exploitation. SMB is a network communication protocol primarily used for providing shared access to files, printers, and other resources on a network. By restricting outbound SMB traffic, organisations significantly reduce their vulnerability and minimise the likelihood of unauthorised access to network resources.

No amount of technology will ever be sufficient to quell the onslaught of threat actors. Single, annual courses or classroom sessions are insufficient and ineffective. Financial organisations must have programmes in place to continuously raise awareness of new security threats and techniques that malicious hackers deploy.

Ultimately, due to the nature of cybercrime, cybersecurity is a shared responsibility between organisation and staff. By staying informed, adopting best practices, and exercising diligence in their online activities, employees play a critical role in safeguarding their organisation and indeed themselves.

Global Director for AI/ML Solutions, Mona Nia Tecnotree

The digital transformation of the healthcare industry continues to gain momentum. This shift can be attributed to the rapid advancement of widely applied technologies such as 5G networks, cloud computing, artificial intelligence (AI), and big data.

Moreover, integrating 5G networks with cloud-based healthcare platforms and AI is driving the emergence of intelligent eHealth technology, projected to reach $208 billion by 2030, according to recent reports. Recent research by Grand View Research emphasises that the synergy between 5G and AI is pivotal in transforming healthcare by enabling faster data exchange, reducing latency, and improving the reliability of health solutions. This collaboration aims to revolutionise the healthcare sector by facilitating hyper-personalisation, optimised care, enhanced sales and services, and streamlined operations. Leading venture firms actively invest in healthcare start-ups using AI, fostering a rapidly growing ecosystem of innovative advancements.

As AI and 5G continue to make waves through all industries, healthcare needs to adapt to changes quickly. However, with operational, security, and data privacy concerns, healthcare organisations remain wary. As such, they must analyse their current and future needs to understand how AI and 5G technologies can help fulfil them and establish a comprehensive plan to guarantee its efficient and secure implementation in their practices.

Recent research by the International Data Corporation (IDC) emphasises that the synergy between 5G and AI could potentially reduce operational costs by up to 20% and improve patient outcomes by enabling more accurate diagnostics and personalised treatments.

5G Integration in eHealth

5G technology stands at the forefront of healthcare reform with its superior data speed and dramatically reduced latency. Tailored to concurrently accommodate multiple connected devices such as sensors, wearables and medical equipment, 5G is truly indispensable in healthcare, allowing IoT devices to seamlessly transmit accurate data for healthcare providers.

It empowers healthcare professionals to handle large, high-definition files like clinical visuals, videos, and real-time patient insights. 5G’s capability for network slicing—dedicating specific network segments for certain uses—simplifies the management of such files. In addition, it optimises the performance of each application, thereby removing the strain on medical staff.

However, the implementation of 5G technology shouldn’t be oversimplified. It’s essential to analyse the potential risks and challenges thoroughly. A principal component to consider is regulatory cybersecurity and data privacy. Given that 5G networks are susceptible to cyber attacks, it falls upon healthcare providers to protect data such as patient information.

Organisations should also consider the financial implications of implementing 5G technology, as it involves a considerable investment in infrastructure and equipment. Therefore, they must balance the potential gains against the costs to ensure the viability of the investment.

Recent discussions at Mobile World Congress 2024 highlighted the critical role of regulatory frameworks in ensuring the secure deployment of 5G in healthcare. Experts advocated for robust cybersecurity measures and collaborative efforts between technology providers and healthcare institutions to mitigate potential risks.

Marrying 5G and AI for Improved eHealth Solutions

Despite the challenges, integrating 5G and AI will pave the way for unprecedented growth within the internal medical ecosystem, enhancing healthcare quality and patient results. For example, deploying data to carry out descriptive-predictive-prescriptive analytics and transmitting the acquired insights using 5G can drastically improve the user experience while helping make informed decisions. Such an approach can assist healthcare organisations in identifying promising healthcare use cases like remote patient monitoring, surgical robotics, and telemedicine.

Moreover, AI-facilitated hyper-personalisation, driven by the profusion of data accessible through 5G networks, can evaluate patient histories, genetic profiles, and lifestyle elements alongside real-time vitals to prescribe tailored advice and treatments. AI can also automate scheduling appointments, streamline supply chain management, and enhance transactions such as claims and prior authorisations. AI-powered chatbots and virtual assistants can deliver real-life support, while patient and customer service applications can provide an enriched experience through increased data accessibility.

AI can also streamline healthcare services by predicting and managing disease outbreaks. Supported by 5G’s capacity for real-time operability, AI systems can instantly analyse patient data, oversee bed availability, and notify medical personnel of potential complications—promoting efficient, effective care delivery.

Finally, AI-empowered fraud detection algorithms operating on 5G networks can analyse copious amounts of data in real time to detect suspicious activities and alert responsible security teams. This can also be applied to security cameras that can detect anomalies in patients’ and visitors’ behaviour and notify appropriate staff members.

A study published in the Journal of Medical Internet Research (JMIR) in 2023 demonstrated that combining AI and 5G in telemedicine significantly improved patient satisfaction and reduced consultation times by 30%.

Shaping an AI Blueprint for 5G eHealth

Integrating AI and 5G technologies can revolutionise disease assessment and surveillance, facilitating more precise diagnostics and tailored treatments. In return, it will drastically improve the standard of care, curbing expenses and boosting efficiency.

Over the next few years, healthcare providers should focus on specific areas where 5G and AI can deliver the most impact. For example, developing telehealth platforms that excel in security, accessibility, and user-friendly interfaces will be paramount. This design aspect is set to thrive, particularly with 5G paving the way for high-definition video consultations, remote patient monitoring, and instant data sharing between patients and healthcare

providers.

The precision and availability of diagnostic applications powered by AI and tele diagnostic services will notably increase in tandem with the widespread adoption of 5G. The strategic emphasis should be on enriching its capabilities, ensuring compatibility with existing systems, and seamlessly integrating the tech into existing healthcare processes.

AI-guided care management systems will also play an integral role in eHealth. There is a need to structure these systems to constantly monitor patient progress, suggest highly personalised treatments, and coordinate care across multiple providers while prioritising patient privacy and data protection.

Finally, when it comes to home health monitoring, emphasis should be placed on creating IoT devices that can integrate seamlessly with AI-driven health platforms and securely transmit data; this will be a critical development within the field.

The synergy between 5G technology and AI will continue revolutionising the healthcare industry, offering more customised, efficient, and cost-friendly solutions. By developing a precise AI blueprint for critical eHealth applications and capitalising on the capabilities of 5G, the benefits will drastically outweigh the challenges.

Source: Finance derivative

Andrew Abraham, Global Managing Director, Data Quality, Experian

It’s a well-known fact that we are living through a period of digital transformation, where new technology is revolutionising how we live, learn, and work. However, what this has also led to is a significant increase in data. This data holds immense value, yet many businesses across all sectors struggle to manage it effectively. They often face challenges such as fragmented data silos or lack the expertise and resources to leverage their datasets to the fullest.

As a result, data governance has become an essential topic for executives and industry leaders. In a data-driven world, its importance cannot be overstated. Combine that with governments and regulatory bodies rightly stepping up oversight of the digital world to protect citizens’ private and personal data. This has resulted in businesses also having to comply e with several statutes more accurately and frequently.

We recently conducted some research to gauge businesses’ attitudes toward data governance in today’s economy. The findings are not surprising: 83% of those surveyed acknowledged that data governance should no longer be an afterthought and could give them a strategic advantage. This is especially true for gaining a competitive edge, improving service delivery, and ensuring robust compliance and security measures.

However, the research also showed that businesses face inherent obstacles, including difficulties in integration and scalability and poor data quality, when it comes to managing data effectively and responsibly throughout its lifecycle.

So, what are the three fundamental steps to ensure effective data governance?

Regularly reviewing Data Governance approaches and policies

Understanding your whole data estate, having clarity about who owns the data, and implementing rules to govern its use means being able to assess whether you can operate efficiently and identify where to drive operational improvements. To do that effectively, you need the right data governance framework. Implementing a robust data governance framework will allow businesses to ensure their data is fit for purpose, improves accuracy, and mitigates the detrimental impact of data silos.

The research also found that data governance approaches are typically reviewed annually (46%), with another 47% reviewing it more frequently. Whilst the specific timeframe differs for each business, they should review policies more frequently than annually. Interestingly, 6% of companies surveyed in our research have it under continual review.

Assembling the right team

A strong team is crucial for effective cross-departmental data governance.  

The research identified that almost three-quarters of organisations, particularly in the healthcare industry, are managing data governance in-house. Nearly half of the businesses surveyed had already established dedicated data governance teams to oversee daily operations and mitigate potential security risks.

This strategic investment highlights the proactive approach to enhancing data practices to achieve a competitive edge and improve their financial performance. The emphasis on organisational focus highlights the pivotal role of dedicated teams in upholding data integrity and compliance standards.

Choose data governance investments wisely

With AI changing how businesses are run and being seen as a critical differentiator, nearly three-quarters of our research said data governance is the cornerstone to better AI. Why? Effective data governance is essential for optimising AI capabilities, improving data quality, automated access control, metadata management, data security, and integration.

In addition, almost every business surveyed said it will invest in its data governance approaches in the next two years. This includes investing in high-quality technologies and tools and improving data literacy and skills internally.  

Regarding automation, the research showed that under half currently use automated tools or technologies for data governance; 48% are exploring options, and 15% said they have no plans.

This shows us a clear appetite for data governance investment, particularly in automated tools and new technologies. These investments also reflect a proactive stance in adapting to technological changes and ensuring robust data management practices that support innovation and sustainable growth.

Looking ahead

Ultimately, the research showed that 86% of businesses recognised the growing importance of data governance over the next five years. This indicates that effective data governance will only increase its importance in navigating digital transformation and regulatory demands.

This means businesses must address challenges like integrating governance into operations, improving data quality, ensuring scalability, and keeping pace with evolving technology to mitigate risks such as compliance failures, security breaches, and data integrity issues.

Embracing automation will also streamline data governance processes, allowing organisations to enhance compliance, strengthen security measures, and boost operational efficiency. By investing strategically in these areas, businesses can gain a competitive advantage, thrive in a data-driven landscape, and effectively manage emerging risks.