© 2021 AO Kaspersky Lab. All Rights Reserved.
Meet the non-profits using tech to improve society
5 reasons why you should care about NGOs
5 reasons why you should care about NGOs
World NGO Day (February 27) recognizes, celebrates and honors non-governmental and nonprofit organizations (NGOs.) Watch our favorite films about tech culture in NGOs.
They distribute billions of dollars each year to those most in need, and that’s why they’re under attack. But now, CyberPeace Institute is finding new ways to protect non-government, humanitarian and healthcare organizations from life-threatening cybercrime. In this episode from Tomorrow Unlocked’s Defenders of Digital series, Stéphane Duguin and Kiara Jordan explain CyberPeace Institute’s strategy.
40% of New York households lack either a home or mobile broadband connection. And more than 1.5 million New Yorkers lack both. This digital divide throws up massive barriers to education, work and life. NYC Mesh is challenging the status quo by building an internet infrastructure that is cheaper and potentially more reliable.
The Ocean Cleanup is developing and scaling technologies to rid the world’s oceans of plastic. They work to close the source and clean up plastic accumulated in the ocean. They created the first product (sunglasses) using plastic recovered from the Great Pacific Garbage Patch.
Konstantinos Kakavoulis and the Homo Digitalis team are taking on tech giants to defend our digital rights and freedom of expression. These lawyers from Athens explain the dangers of content moderation systems and how discrimination can happen when algorithms inherit the biases of their programmers.
Susie Hargreaves OBE and her team the Internet Watch Foundation (IWF) hunt down child abuse images online and help to identify children so law enforcement can intervene. We uncover Susie’s critical work tackling the ever-increasing number of child abuse online images around the world. The recent pandemic has triggered a spike in images, but Susie’s team is fighting back with new tech.
For more videos about data privacy and cybersecurity, subscribe to Tomorrow Unlocked on YouTube.
How hospital’s quick thinking stopped ransomware
“In wartime, a red cross on a hospital’s roof protects them from bombing. But in cyberwar there’s no convention to protect hospitals,” says Professor Dr. Harald Dormann, Head Physician, Emergency Room at Germany’s Klinikum Fürth hospital. Hospitals have thousands of networked computers and medical devices crucial to patient care, but on Friday, December 13th, 2019, Klinikum Fürth’s quick thinking turned a malware attack into an unlucky day for cybercriminals.
hacker:HUNTER Behind the Screens Episode 6: Malware A New Virus in the Hospital, charts Klinikum Fürth’s life-saving actions that stopped a ransomware attack in its tracks.
Klinikum Fürth found 65 systems infected with computer viruses and malware including the dangerously effective Emotet. Acting fast, they isolated the malware before it encrypted their data and demanded a ransom – often an Emotet attack’s end goal.
The first hint of an attack was when Klinikum Fürth’s IT support team started receiving strange emails from users – an Emotet hallmark.
Emotet spreads by using past emails in Microsoft Outlook to create new emails, with results from convincing to bizarre.
Malware is common. In the March to June quarter of 2021, Kaspersky software blocked 1.7 billion malware attacks. But it’s becoming more dangerous, with cybercriminals using particularly damaging malware like Emotet for fraud and ransomware attacks.
The rise of this more dangerous malware means business should give it more focus in their security strategy. Noushin Shabab, Senior Security Researcher at Kaspersky says, “An average cost for clean-up of this malware is around $1 million US dollars.”
Emotet also uses Wi-Fi networks to spread. If infected, a wirelessly connected device scans nearby networks and infects other devices using a password list.
Emergency Room Head Physician Professor Dr. Harald Dormann recounts how hospital staff stepped up when they learned of the cyberattack. “When our CEO told us what had happened, some were nervous, some were pale. But all were motivated to act.”
They disconnected the hospital from the internet to reduce risk of infecting other institutions and assembled taskforces of clinicians, administrators and IT staff to analyze the problem. To reduce risk to patients, they diverted new patients to nearby hospitals. Prioritizing the most critical medical devices, they checked for malfunctions and brought in extra staff to help with the switch to a paper-based working process.
There are many lessons in Klinikum Fürth’s story. Their fast response shows why organizations should plan what they’ll do if attacked.
Cybersecurity education can help staff get wiser to threats like Emotet’s use of spoofed emails. Strong passwords help defend against malware that uses wi-fi networks to spread.
Read more about how to prevent and reduce the impact of ransomware attacks. For more videos on protecting tomorrow, subscribe to Tomorrow Unlocked on YouTube or follow us on Instagram.
How stolen identities led to a wave of crime
Cybercriminals see education as an amazing resource. But they’re not taking classes or gaining qualifications – they target universities and other educational institutions for the wealth of personal information they hold.
In Episode 5 of our series hacker:HUNTER Behind the Screens, The Backdoor into Campus, Royal Holloway, University of London cybersecurity experts talk about the challenges they face keeping students and staff safe from identity theft.
Educational institutions often have large numbers of people using their systems, including staff, students and visitors. They use these systems to offer many kinds of services.
Mike Johnson is Chief Information Officer at Royal Holloway, University of London. He describes a major security incident at his institution. “A staff member’s credentials were stolen and used to send convincing offers of part-time work to students. Some students undertook the work and were paid. But they were overpaid, then asked to return some of the money. It was money laundering on a significant scale.”
Just one stolen identity is enough to conduct a lot of crime. In the digital age, if you know enough about someone, you can impersonate them to access money or commit other crimes, leading law enforcement to the wrong person.
“Commonly we find those who try to attack us are looking to harvest identities,” says Johnson. “When they’ve got them, they’ll try to harvest more, until they’re sure they can attack us in the way they want to.”
It’s all about authentication, says Keith Martin, Professor of Information Security at Royal Holloway, University of London: Knowing the person trying to access your online spaces is the right person. He uses real-world situations to explain. “Imagine a front door. Whoever’s got the key can open it. To breach that, you need to get hold of the key. Entering a country is more high security. The person at border control not only looks at credentials – a passport – but also at the person submitting it.”
Professor Martin continues, “In cyberspace it’s a bigger problem, because we can’t see who’s asking for access. The most popular authentication is a password, but they’re like keys – easily copied or stolen. So we need to use the passport model – asking for multiple things to gain access.”
It’s called multi-factor authentication. Those who want to gain access need more than a password, for example, a code sent by sms or biometrics, like a fingerprint.
Senior security researcher at Kaspersky, Noushin Shabab recommends for the greatest security, multi-factor authentication should combine biometrics like facial recognition with another credential.
Professor Martin says the most important thing anyone can do is develop ‘cyber common sense.’ “Just hesitate before doing anything in cyberspace – if you’re sent a link or a message asking for information, just hesitate, and ask, why do they want this?”
Johnson feels education institutes are the perfect places to learn cybersecurity awareness. “We’ve got to be willing to have a conversation with students about digital security and what protecting their identities means. Fundamentally, we’re educators – we’re well placed to help people operate in an environment they’ll operate in for a long time.”
For more videos on protecting tomorrow, subscribe to Tomorrow Unlocked on YouTube or follow us on Instagram.
Watchlist: 6 reasons why you should care about data privacy
Learn more about keeping your data private in these films we love
Learn more about keeping your data private in these films we love
Data Privacy Week (January 24 -28) is an international campaign from the National Cybersecurity Alliance about privacy, trust, and protecting data. This year’s event encourages people to own their privacy by learning how to protect their online data. Check out our favorite films about digital privacy.
ProtonMail is hoping to change privacy expectations for the tools we use to communicate. In this episode of Tomorrow Unlocked series Defenders of Digital, Bart Butler reveals why your email isn’t as secure as you think and what to do about it.
Nearly everything we do — the songs we listen to, the shows we watch, heck, even just walking down the street — now results in creating data. That’s why Angela Benton founded Streamlytics, a company that allows consumers to see who is harvesting your data, how it’s being used — and how to get your cut.
Data is now the world’s most valuable asset, Amelia Dimoldenberg investigates whether we should be worried about tech companies selling our data and what data the public thinks is acceptable to share.
Freddy Martinez, Executive Director of The Lucy Parsons Labs in Chicago, has helped rewrite US privacy legislation. He explains how law enforcement can use ‘stingrays’ to identify and track you through your phone, and their legal campaign against this infringement led to rewriting US privacy laws.
Destin Sandlin is an engineer and co-founder of 4Privacy, an end-to-end encryption platform. He explains the current privacy situation, how we got here, and what we can do to push back.
“I have nothing to hide so why should I care?” That’s what many think. But it’s not just about wanting to hide online. While most of us know privacy is important, we can’t always protect ourselves.
For more videos about data privacy and cybersecurity, subscribe to Tomorrow Unlocked on YouTube or follow us on Instagram.
Young bright mind detects deepfakes in a heartbeat
At 19, Gregory Tarr’s new techniques for identifying deepfakes won him BT Young Scientist of the Year 2021. In our latest video in the Young Bright Minds series, Tarr explains how he’s overcome some of the challenges of spotting this AI-created media at scale.
A deepfake is any media (usually video) with one person’s voice or face mapped onto another’s using AI-based software. They’re often meant to be funny or satirical, like placing Donald Trump in criminal underworld TV series Breaking Bad or critiquing Facebook’s data collection seemingly from the top.
But some deepfakes are less obvious. They can spread fake news or otherwise fool people into thinking someone said or did something they didn’t.
Tarr radically improved existing processes for detecting deepfakes. “I was able to speed things up ten times.”
The deepfake detection method is fascinating. Tarr explains: “Photoplethysmography means graphing the light of the blood. Every time your face receives a pulse of blood, green and red hues change slightly. You can track that over time in a video.”
“Many companies trying to detect these deepfakes have built models that work in lab environments,” says Tarr. “But because of the sheer size of the problem – hundreds of millions of videos – having the infrastructure and the computing power is a harder problem.”
Tarr is founder and CEO of Inferex. His business wants to work with companies’ deepfake detection models and deploy them across thousands of computers.
Tarr warns that technological solutions will only go so far in fighting fakes – we need to change how we think about what we see and read. “The only solution is that people wisen up. We need to be more aware that things we’re seeing or reading may or may not be true.”
For more videos about Young Bright Minds, subscribe to Tomorrow Unlocked on YouTube or follow us on Instagram.
Why endpoint detection and response is the future
Getting your head around endpoint protection for business isn’t easy. Matt White, CEO of software-as-a-service platform XaaS Ltd, has a knack for explaining it simply – with a balloon and a toothpick.
In Episode 4 of Hacker:HUNTER Behind the Screens, Endpoints: Friend or Foe? White blows up a balloon and pops it with a toothpick. The balloon is an organization’s expanded ‘attack surface’ and the toothpick is just one cybercriminal reducing it to shreds. In reality, White says, there are thousands of toothpicks trying to pop your balloon at any time.
And the toothpicks are getting stabbier. “Cybercriminals are now using AI and machine learning to make their attacks more sophisticated,” says Kaspersky senior security researcher Noushin Shabab.
Organizations’ attack surfaces are so big today because now almost anything is an ‘endpoint’ – a device connected to the network, from mobile phones, to webcams, to fridges. Together they make, as White puts it, “a total chaotic mess” from a security perspective.
“Endpoints are the heart of the risk. They’re the route in for your employees and the machinery you use for your work. But they’re also a route in for attackers.” Matt White, CEO, XaaS Ltd
It’s clear endpoints are cybercriminals’ favorite way to enter infrastructure. Market data analysis firm IDC’s 2019 study found 70 percent of breaches started on an endpoint.
While once businesses could rely on antivirus software to do the heavy lifting, White says they must go further to respond to a new threat landscape. “Endpoint detection and response (EDR) is like antivirus on steroids. It doesn’t just detect and identify, it isolates malicious code and repairs. Spending more on that kind of system is like an insurance policy – it may protect you from a lot more damage down the line.”
He likens endpoint detection and response to a COVID-19 vaccination. “You know you may still catch it, but you can make it far less serious by getting a vaccine upfront.”
Businesses should check what level of endpoint protection they need.
White believes the new level of cyberthreats demands a new way of working. “It’s not just plugging in the latest shiny box that’s going to secure a network. Everyone has to work together – all parts of a company, regulators, financial authorities – to create collaboration. It’s a team game.”
And that might be a good thing for business on the whole, as well as cybersecurity.For more videos on protecting tomorrow, subscribe to Tomorrow Unlocked on YouTube or follow us on Instagram.
Our brightest films of 2021
It’s been a memorable year on Tomorrow Unlocked. Check out the highlights
It’s been a memorable year on Tomorrow Unlocked. Check out the highlights
2021 has been quite a year for all of us. While technology has helped us through the pandemic in many different ways, our reliance on tech is often not matched by our ability to protect ourselves from cybercrime.
Against this backdrop we’ve told stories about criminal gangs, explored immortality and asked whether it’s possible to fall in love with robots with the aim of stirring debate and entertaining hundreds of thousands of viewers around the world.
Join us as we take a look back at the highlights of this memorable year.
The controversial one. Imagine Beyond: Who Wants to Live Forever?
This film attracted the most comments on Tomorrow Unlocked’s YouTube channel in 2021 when we delved into one of humankind’s oldest themes: immortality. With advances in technology and a radical new global movement, living forever might be closer than we think. But is it something you would want? Watch and decide for yourself.
Check out other stories about AI, robotics and future tech in Imagine Beyond on YouTube.
The edgy one. Imagine Beyond: Build me Somebody to Love
Could you fall in love with a robot? Will AI relationships be the norm in the future? As robots become ever more human, surely it’s only a matter of time before human-cyborg relations enter a whole new dimension. In this age-restricted video we explore these themes and meet those shaping the future of robotics.
The multi-award winning Imagine Beyond series offers new and exciting perspectives on what the future of technology could bring for what it means to be human. Stream all episodes on YouTube.
The one for true crime fans. hacker:HUNTER – Emotet
Emotet, the world’s biggest organised cybercrime gang, was responsible for a swathe of crimes and possibly deaths. A global coalition of law enforcement officers came together to take them down – no mean feat when the anonymous crime gang was constantly on the move. This episode of hacker:HUNTER tells the inside story of their demise through the eyes of the heroes who brought them to justice.
hacker:HUNTER looks at outstanding moments of hacking and cybercrime from a deeply human angle. Enjoy all the episodes here.
The interactive one. hacker:HUNTER – Carbanak
Choose your own adventure brought bang up to date with our first interactive film. This documentary takes viewers inside the Carbanak attack of 2013 which saw money flying out of ATMs around the world. Get ready to go behind the scenes of the biggest cyber heist in history.
The audio one. Fast Forward
In our first audio series we delve into the future of tech by looking at the recent past. Led by writer, broadcaster and cultural theorist Ken Hollings, the series includes insightful interviews with industry, media and academic tech experts who have an eye on the future.
Listen to all episodes of this CMA 2021 silver award-winning audio series
The one that might make you cry. Defenders of Digital: I am the Cavalry
Josh Corman leads a collective of white hat hackers, The Cavalry. Driven by the pain of losing his mother, Josh and his global collective are on a mission to make every
connected device safe, from medical infusion pumps to cars. This film inspires and terrifies in equal measure.
The one that shows the future of industry. Young Bright Minds: The Autonomous Factory
Smart factories could fight climate change, save lives and help solve the supply chain crisis that we’ve seen in this year’s post-pandemic world.
Could they even represent the next industrial revolution? In this episode of Young Bright Minds we meet Theo Saville, CEO of CloudNC and pioneer of autonomous factories. Theo explains why connected manufacturing is the future and how optimizing machines could save lives.
The one that was most awarded. From Kurils With Love – Behind the Scenes
The original From Kurils With Love documentary scooped 4 global awards in 2020, and in 2021 picked up a prestigious nomination for a Webby – the international awards that honor excellence on the internet.
This year we took you behind the scenes of this extraordinary film. With previously unseen footage, filmmakers Renan Ozturk and Taylor Rees share what the apocalypse created by the eruption of the Raykoke Volcano meant to them and how it became a metaphor for the world’s experience during the global pandemic.
The one for business. hacker: HUNTER Behind the Screens – Lighting the Dark Web
The acclaimed hacker:HUNTER series took a new perspective in 2021 by shining a light on cybersecurity professionals and the work they do to fight the exponential rise of cybercrime.
In this inaugural episode we meet officers from the Yorkshire and Humber Regional Organised Crime Unit who talk us through the Dark Web crime they fight every day, detailing how they catch cybercriminals whose identity, location and organisation is constantly changing.
Ready for more captivating stories from frontline crime fighters? Stream more episodes of hacker:HUNTER Behind the Screens here.
The drama film. Click
For our first foray into fiction we commissioned a collective of teenage Nigerian filmmakers, The Critics, to create a short film. The self-taught collective is gaining global attention with their sci-fi films. In this movie they look at cybercrime from the perspective of Mel, a hacker who lives with her sick mother while investigating the mysterious disappearance of her father.
For more videos on inspiring tech innovation, subscribe to Tomorrow Unlocked on YouTube.
The Tomorrow Unlocked Film Festival Winner: Terra Cene
Now in its second year, the Tomorrow Unlocked Film Festival gives up-and-coming independent filmmakers the opportunity to showcase their creativity and tell engaging stories about how technology influences our lives now and in the future. Directed by Nono Ayuso, the 2021 winner Terra Cene is a remembrance of things past and an observation of the interconnected nature of our time on Earth.
Check out the 2021 Tomorrow Unlocked Film Festival finalists.
Young Nigerians’ movie Clicks with Kaspersky
Nigerian teen collective The Critics is gaining global attention with self-taught filmmaking. The Click, explores a fictional cybercrime adventure.
Nigerian teen collective The Critics is gaining global attention with self-taught filmmaking. The Click, explores a fictional cybercrime adventure.
A collective of Nigerian teenagers called The Critics is making waves across the world. They make their groundbreaking movies using recycled smartphones and things they’ve learned in online tutorials.
Their recent short Z: THE BEGINNING went viral, catching global film heavyweight attention with its creativity and homemade special effects.
Tomorrow Unlocked is among the first brands to have commissioned The Critics to make a new film, The Click, written and directed by Godwin Gaza Josiah.
Mel, played by Esther Ukata, lives with her sick mother and works a repetitive job, all the while investigating her father’s mysterious disappearance.
When an old acquaintance offers Mel a lucrative job hacking elite cybercrime gang The Click, she’s reluctant to get involved. But when her mother’s condition worsens, stress gets the better of Mel and she takes the job.
Remembering skills she learned from her father, Mel succeeds in breaking through the gang’s defenses. But they won’t take this lying down. Will Mel find out what happened to her father?
For more videos on inspiring tech innovation, subscribe to Tomorrow Unlocked on YouTube or follow us on Instagram.
Why would cybercriminals hack a fridge?
Internet-connected devices are everywhere. And they’re being attacked.
Internet-connected devices are everywhere. And they’re being attacked.
Things you least expect now connect to the internet, like lighting, fridges and cars. And this Internet of Things (IoT) is doing great work improving energy efficiency and maintenance. But in hacker:HUNTER Behind the Screens Episode 3, Chris Kubecka, CEO of Hypatec and distinguished chair of the Middle East Institute, shows how IoT security is behind the curve.
“These devices are becoming common in homes and industry,” says Kubecka. “But most are not properly security tested, and many use outdated operating systems. It’s easy for attackers to exploit those and bring down entire businesses.”
Noushin Shabab, Senior Security Researcher at Kaspersky, says, “The industrial Internet of Things could be worth a trillion US dollars by 2025. Companies like Airbus use IoT for predictive maintenance sensors in aircraft. It’s high risk – devices not regularly connected can’t receive updates, so are more easily hacked.”
Kubecka describes how in 2014, the German government reported a fatal hack into the network of a steel mill. Attackers flooded the network, and safety systems couldn’t operate. Three people were killed and many injured.
Other attacks are more domestic, like one Kubecka investigated in Saudi Arabia. “A company bought a bunch of new smart fridges from a supplier that didn’t security-test. A criminal gang managed to exploit these fridges and use them for spam and manipulating the stock market.”
It can be hard to investigate IoT-based cybercrime. “Many IoT devices don’t log activity, so police forensics can’t find much. Or they’re expecting to find a computer and don’t realize the computer is a fridge.”
Kubecka says businesses shut down by IoT attacks often didn’t think they’d be a target. But cybercriminals can use anyone’s data and systems for fraud and other money-making schemes, like mining bitcoin.
“Makers and sellers of IoT devices must do their part to secure them,” says Kaspersky’s Shabab. She recommends they audit code, test for vulnerabilities and let users update and patch devices themselves rather than updating remotely.
Kubecka says manufacturers should be open about attacks they’ve suffered, sharing how it happened so others can learn.
Using security expertise helped smart prosthetic limb makers Motorica, who asked Kaspersky to review their device security. Kaspersky’s researchers identified several vulnerabilities, letting Motorica protect their customers by closing security holes.
While IoT makers are getting more security conscious, we already have homes full of smart devices that may not be secure. You can do a few things to protect IoT devices at home, like limiting what’s connecting to the internet and having strong passwords.
For more videos on those defending the world against cybercrime, subscribe to Tomorrow Unlocked on YouTube or follow us on Instagram.
The cavalry isn’t coming. What will you do?
Politicians need proof of harm before they will act. That’s not right, so Josh Corman is fighting back.
Politicians need proof of harm before they will act. That’s not right, so Josh Corman is fighting back.
When someone has to die for the authorities act, the world really is a dark place. I am The Cavalry – a collective of white hat hackers – is shining a light into the darkness to save lives.
“No one is going to save us, so we have a job to do.”
When Josh Corman’s mum had a stroke, he thought it would primarily affect her speech. It ultimately took her life. At the same time as his mother’s life was ebbing away, Josh was pressing government authorities to take cybersecurity in connected devices more seriously. They refused to do so.
Tormented by both of these incidents, Josh realized the cavalry isn’t coming to save us. He had to do something. But what?
To enjoy privacy, you’ve got to be alive
The cavalry’s initial strategy was to go high and deep into governments to warn them that cyber-terrorism was a clear and present danger – in healthcare, automotive, agriculture, maritime and other spaces.
He told officials the issue was not one of privacy – like many people, Josh loves privacy, but he also wants to be alive to enjoy it. They didn’t listen, even when Josh told them that when ‘things’ are connected to the internet, people can die.
They said the public needed proof of harm before they could amass the political will to take action.
TriCk was killed by a drone strike
At the same time, a UK teenager was jailed for hacking the website of Tony Blair (former UK Prime Minister.) While in prison he was radicalized by militant group ISIS.
On his release he started the ISIS Cyber Caliphate, recruiting using his social media skills and showing his followers how easy hacking could be. Known online as TriCk, real name Junaid Hussain, he was eventually killed in a drone strike. But the Caliphate was now up and running, targeting connected devices within their campaigns of terror.
Are connected devices cyber-asbestos?
Josh likens connected devices to asbestos. When this natural mineral was first used in construction, it was lauded: what’s not to like about a material that is fire resistant, lightweight and cheap? But we later discovered that when it decays it causes cancer – an unintended consequence of what we believed to be progress.
Are we treading the same line with connected devices? Unchecked, will they become the next asbestos? I am The Cavalry has already shown how easy it is to hack an infusion pump remotely and deliver a 30-minute dose in just 30 seconds. If the white hat hacker demonstration team can do it, so can the black hats like TriCk.
Raising the alarm without being alarmist
Josh says that when we hear or read scary things about cybersecurity, it’s human nature to mentally switch off – our brains think it’s scaremongering.
But just because it’s scary, doesn’t mean it isn’t true.
The cavalry’s collective of over 1000 white hat hackers are engaged in the hard work now so when the scary times do come (which Josh firmly believes they will) we are “safer, sooner, together.”
In this episode of Defenders of Digital, Josh gives us the whole story on this life-saving volunteer group.
Topic:
Loading more articles