San Diego, Bratislava – April 30, 2024 — ESET, a global leader in cybersecurity solutions, today announced its participation in the upcoming RSA Conference in San Francisco from May 6–9, 2024. At the event, which brings together IT experts from around the world, ESET Malware Researcher Martin Smolár will present on critical vulnerabilities and long-lasting problems in Unified Extensible Firmware Interface (UEFI) security, which resulted into the discovery of the BlackLotus UEFI bootkit. Details about the session, which takes place on May 7 at 1:15pm PT in Moscone West, Room 3002, are available here.

“Although UEFI firmware is widely deployed, and number of the real UEFI threats is increasing every year, most organizations overlook the security risks in this critical computing layer. UEFI bootkits are very powerful threats, having full control over the OS boot process and thus capable of operating stealthily and disabling various security mechanisms. Martin’s presentation discloses the latest tactics being used by adversaries and how organizations can ramp up their own security posture,” said Michal Jankech, Vice President of SMB and MSP segments at ESET.

Visitors to ESET’s Booth 1761 in the South Expo Hall will hear about AI-native prevention for tomorrow’s threats while getting the chance to play ESET’s immersive VR game “PREVENT,” developed for RSA attendees. Demos at the booth include:

• Next-Gen Endpoint and XDR – Learn about ESET’s cloud-delivered XDR-enabling solution, ESET Inspect, and how it facilitates unparalleled threat and system visibility. Now integrated with the ESET AI Advisor, this solution leverages generative AI to enhance incident response and interactive risk analysis, thus answering the wish of many companies to be able to utilize the advantages of XDR solutions even with limited IT resources.
• ESET Threat Intelligence – As organizations look to mitigate risk and extend their security intelligence, ESET Threat Intelligence feeds and premium APT reports leverage real-time, globally sourced curated data insights on cyber threats ranging from targeted attacks to zero-days and botnet activities. This global visibility enables businesses, governments, and channel companies to make critical decisions faster, giving them a strategic advantage and competitive edge in the fight against cybercrime.
• Managed Detection and Response (MDR) – Attendees will learn how ESET MDR provides 24/7 threat monitoring, hunting, and remediation. ESET’s blend of AI technologies and human expertise delivers rapid responses within a 20-minute window. This rapid action minimizes damage and ensures the safety of organizations. With ESET MDR, businesses can focus on core objectives, knowing that their defenses are actively safeguarded.
• Managed Service Provider (MSP) Program – ESET’s flexible and profitable model features tier-based volume pricing and real-time license usage tracking for efficiency in security management, optimizing resource allocation and elevating service quality. Whether MSPs serve a few clients or manage a large portfolio, ESET’s pricing structure adapts to their growth.
• ESET Integrations – ESET has kickstarted its API integration program by partnering with industry leading security providers. Discover how we are supercharging our partners’ solutions with ESET telemetry thanks to globally sourced data from ESET Inspect and our collected research in the form of ESET Threat Intelligence feeds. 

“This year’s theme at RSA is ‘The Art of Possible’ – showcasing the importance of creativity and innovation to battle dynamic cyber threats. Following significant investments, we look forward to meeting with ESET partners, business customers, and prospective users from around the world at RSA who are looking to battle tomorrow’s toughest adversaries with next-generation AI-native solutions,” added Michal Jankech.

In addition to the live demos, ESET is hosting expert talks at its booth as well as specialized briefings at the Press Club SF, a few steps away from the Moscone Center. Register online to meet ESET technology and research experts at the show or attend private briefings, including sessions on Threat Intelligence and Corporate Solutions. Separately, visitors to the booth can hear a range of presentations, including Robert Lipovský highlighting how the ESET Threat Intelligence portal is enhanced with AI for quick responses, James Rodewald on the proactive capabilities of ESET’s Managed Detection and Response service, and presentations from ESET partners.

For more information on ESET’s presence at RSA and how to register for special events, visit RSCA2024 I ESET.

With all of the fake websites and apps out there, critical cybersecurity for travelers begins at home before the trip even starts.

In the past, when travelers prepared for a long trip, they worried about getting lost, so they packed, among other things, a map, a compass, a radio, a dictionary, and a flashlight. Now it´s all more compact — all integrated into a smartphone. Thus, it is no surprise that many of us can’t imagine a trip without this little assistant.

But, just as travelers in history needed to be wary of pirates and highwaymen, so modern tourists preparing for the upcoming summer must also protect themselves from criminals operating in cyberspace.

The stakes can be quite high. Threat actors can not only abuse smartphones to steal identities or money from their owners but also make an entrance into their employers’ business systems. Let’s be honest: how many of us use personal smartphones for work or vice versa? They say don’t mix business with pleasure, but nowadays it is hard to avoid.

As of April 2024, AV-TEST, the Independent IT-Security Institute, has shown that smartphones have faced nearly 35 million instances of Android malware. The increasing greed shown by cybercriminals is also displayed in the latest ESET H2 2023 Threat Report noticing a rise of Android threats by 22%.

As cybercriminals become more creative, mobile device safety needs to be far more sophisticated than just keeping the device close and not accessing free Wi-Fi at coffee shops.

As this ESET research blog shows, the dangers begin as soon as an eager traveler begins checking visitor/tourist recommendations about a destination.

Threat actors can abuse legitimate festival, traveling, or accommodation websites to steal victims’ personal data, and money, and deliver malware or create impersonation websites to do the same. Another threat can come from abused apps such as fake translation apps or trojanized legitimate chat apps.

Moreover, some of those attacks do not truly take aim at smartphone users, but rather seek to abuse compromised mobile devices to access employers’ internal systems via hijacked corporate accounts, for example.

If you want to learn more about travel scams, check out this blog. Here are a few tips on how to protect yourself:

• If possible, do not take corporate devices on vacation, and do not use your personal devices for work.
• Update your software and back up your device data regularly.
• Set up anti-theft tools to help you find a lost or stolen device.
• Stop auto-connecting and think twice before connecting to any public wireless hotspot.
• If forced to connect to a public wireless hotspot, use a VPN. Think twice before conducting sensitive operations such as online banking or online shopping.
• Be cautious when downloading apps, especially from websites and third-party app stores.
• Always check a developer’s background and app reviews before downloading a new app.
• If the new app starts to behave strangely, delete it immediately.
• Only buy tickets from an event organizer or an official and trusted third-party vendor.

The last but arguably most important tip is to download reputable mobile security software emphasizing prevention. Without us going into much technical detail, be aware that there are sophisticated cybercampaigns that cannot be spotted by the human eye or caught by basic antivirus software.

This means that mobile users should have a reliable cybersecurity solution installed to protect them from these advanced threats, ideally before they execute. 

ESET Mobile Security takes a proactive approach and can detect and block threats during the download process, even before installation occurs. This means that the threat never reaches the user. EMS scans all files in download folders and can also be used to scan already existing apps to double-check that you haven’t let in the devil in disguise.

ESET Mobile Security Premium also comes with handy tools such as Anti-Phishing, Anti-Theft, Payment Protection, and App Lock. These protect travelers’ data in case they mistakenly visit a known phishing website, their mobile devices are stolen, or when someone wants to intercept their communications with a bank or an online shop.   

None of this should discourage you from enjoying your trip. Quite the opposite, having a vacation should be a relaxing experience!

With the right cybersecurity solution (and a bit of awareness), you can have a great time without constantly looking over your shoulder in cyberspace knowing that your device is safe and your digital progress is protected. Have a great summer!

Imagining a future, in which anyone could be attacked by an intelligence beyond the means of  humans is rather scary. Perhaps that’s why AI is better imagined as another tool to support people’s work. Again, however, the combined capability of such a human actor is also of concern, especially if said actor does not have their community’s best interests in mind.

With AI becoming increasingly important, just like companies, people race to figure out how it could be used to serve their own purposes, supporting their endeavors. Specifically in the field of cybersecurity, AI can serve both a constructive, but also a destructive role, with the former meaning the support of better cyber defense, and the latter attempting to cripple said cyber defenses.

Of specific concern is the potential for cyberattacks on critical infrastructure to become more widespread. Critical infrastructure, usually considered to include power generation and electrical grid, hospitals and healthcare systems, and the global supply chain, could also include digital supply chains and the internet itself. Depending on the specific needs, resources, and development level of a nation, critical infrastructure represents all the systems, networks, and assets that are essential, with their continued operation required to ensure the security of a given state, its economy, and the public’s health or safety. As the idea behind the attacks is to weaken adversaries by crippling their day-to-day business, an effective AI tool could, hypothetically, help bad actors commit attacks, or even increase the pool of potential attackers, by making malware coding easier. However, not everyone shares the same opinion.

According to an interview with ESET security researcher Cameron Camp, we are not really close to “full AI-generated malware,” though ChatGPT is quite good at code suggestion, he says, generating code examples and snippets, debugging, and optimizing code, and even automating documentation.

He agreed that ChatGPT could be used as a handy tool to assist programmers, one that could serve as a first step toward building malware, but not yet, as it is currently rather shallow, makes errors, creates bogus answers and is not very reliable for anything serious.

Nonetheless, Mr. Camp highlighted three areas, which might be interesting from the perspective of language models: 

More convincing phishing – From probing more data sources and combining them seamlessly to create specifically crafted emails where clues to their malicious intentions would be very difficult to detect, readers will be hard-pressed not to fall for social engineering. Nor will people be able to spot phishing attempts simply due to sloppy language mistakes, as they could have convincing grammar.

More specifically, spear-phishing could become even more convincing, as tailor-made emails or messages, even including personalized emotional triggers, could become easier to construct thanks to AI help. These abilities will be further supported by with multilingual text-generating options, such methods might work on a wider, global scale, which in case the targeting of critical infrastructure of several states at once would serve a useful purpose.

Ransom negotiation automation – Smooth-talking ransomware operators are rare, but adding a little ChatGPT shine to the communications could lower the workload of attackers seeming legit during negotiations. This will also mean fewer mistakes that might enable defenders to home in on the true identities and locations of the operators.

Furthermore, thanks to easier video and voice generation with AI (see example here), malicious actors could become anyone, hiding their identities more efficiently. In fact, concerns about AI have become so widespread in this area that many professionals want to stipulate in their contracts a ban on the use of their work for AI purposes.

And if you don’t believe this, check out this video of President Biden, Trump and Obama discussing a videogame, all AI-generated, of course. Imagine how, during a ransomware attack, an online intruder could imitate a highly placed official to ask for access to a network or a system remotely…

Better phone scams – With natural language generation getting more natural, scammers will sound like they are from your area and have your best interests in mind. This is one of the first onboarding steps in a confidence scam: sounding more confident by sounding like they’re one of your people.

As long as scammers generate the right natural cadence to a person’s voice, they can easily fool their victims, but the problem with any AI-generated content today is that there is an inherent, let’s say, ‘artificiality’ to it, meaning that despite these voices, videos or text looking legit, they still harbor some specific mistakes or issues that are easy to spot, like how ChatGPT makes false statements or how its responses might seem like it is just regurgitating a Wikipedia page.

However, all of this does not mean that generative AI cannot be used for brainstorming, to create a base for some work, however, the correctness of the information one is provided should still be checked. The legal ramifications of using AI-generated content (sourced from the net) might also be something to consider.

As AI starts to play an increasingly important role in cybersecurity, businesses and governments will need to accommodate and use AI to their own advantage – as crooks will definitely try to do the same. From a July 2022 report by Acumen Research and Consulting, the global AI market was $14.9 billion in 2021 and is estimated to reach $133.8 billion by 2030.

Thanks to the growing use of the Internet of Things and other connected devices, cloud-based security services could provide new opportunities for the use of AI. Antivirus, data loss prevention, fraud detection, identity and access management, intrusion detection/prevention systems, and risk and compliance management services already use tools like Machine learning to create more resilient protection.

On the flip side, bad actors could also use AI to their advantage. With a large enough market of smart AI, crooks could easily use it to identify patterns in computer systems to reveal weaknesses in software or security programs, enabling them to exploit those newly discovered weaknesses.

So, critical infrastructure could become one of the targets. With AI attacking and defending it, going for a tit-for-tat, security actors and governments will have to remain smart. The European Union is already trying to assess the risks by proposing the EU AI Act, to govern its use in Europe, classifying different AI tools according to their perceived level of risk, from low to unacceptable. Governments and companies using these tools will have different obligations, depending on the risk level.

Some of these AI tools may be considered high risk, such as those used in critical infrastructure. Those using high-risk AIs will likely be obliged to complete rigorous risk assessments, log their activities, and make data available to authorities to scrutinize to increase compliance costs for companies.  In case a company breaks the rules, the fine would likely be around 30 million euros or up to 6% of their global profits.

Similar rules and ideas are included within the recently proposed EU Cyber Solidarity Act, as government officials try to stay ahead of critical infrastructure attacks.