Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label MIT Technology. Show all posts

Ikigai: MIT-based AI Apps Startup is set to Alleviate Supply Chain Attacks with Advanced Cybersecurity


This year, the constant surge of data breaches and ransomware attacks are apparently impacting the supply chains and the manufacturers who are replying on them. VentureBeat has discovered in their research that supply chain-directed ransomware attacks have broken all previous records in the manufacturing industry, with the most severe losses occurring in the medical device, pharmaceutical, and plastics industries. The complete sum of the victim organization's cyber-insurance is being demanded as ransom by the attackers. The attackers send top management a copy of their insurance coverage if they refuse, but they are rejected.

Threat Actors Asking for Bigger Ransoms

Manufacturers who are impacted by the supply chain attacks claim the ransom demands are two to three times more than those made by other businesses. This is so because it can cost millions to shut down a production line for even a single day. Much smaller to mid-tier single-location manufacturers scramble to get cybersecurity assistance after paying the ransom discreetly. However, they are frequently victims a second or third time.

Ransomware attacks remain the cybercrime of choice for threat actors who are targeting supply chains for financial gain. Till now, the most well-known cases of such attacks have included companies like Aebi Schmidt, ASCO, COSCO, Eurofins Scientific, Norsk Hydro, and Titan Manufacturing and Distributing. The other major firms that were attacked choose to stay anonymous.

Among the manufacturing firms, A.P. Møller-Maersk, the Danish shipping giant suffered the most severe attack on a supply chain, which cost $200–300 million and temporarily shut down the major cargo facility at the Port of Los Angeles.

What is the MIT Based Start-up? 

Ikigai, the MIT-based startup has developed an AI Apps platform based on the research conducted by its cofounders at MIT with large graphical models (LGMs) and expert-in-th-loop (EiTL), through which the system can collect real-time inputs from professionals and continuously learn to maximize AI-driven insights and expert knowledge, intuition, and expertise.

The list of industries using Ikigai's AI Apps is expanding. Currently, it includes manufacturing (predictive maintenance quality assurance), retail (demand forecasting, new product launch), insurance (auditing rate-making), financial services (compliance know-your-customer), banking (customer entity matching txn reconciliation), and supply chain optimization (labor planning sales and operations planning).

Making sense of walled, incomplete data dispersed throughout the organization is a constant struggle for every enterprise. The most challenging, intricate issues that an organization faces merely amplify how broad its information gaps prevent decision-making. Manufacturers pursuing a China Plus One strategy, ESG initiatives, and sustainability have told VentureBeat that the complexity of the decisions they must make in these strategic areas is outpacing current approaches to data mining.

The LGMs used by Ikigai's AI Apps platform, which works with sparse, small datasets to give necessary insight and intelligence, aid in resolving these problems. DeepMatch for AI-powered data prep, DeepCast for predictive modeling with sparse data and one-click MLOps, and DeepPlan for reinforcement learning-based domain-specific decision suggestions are some of its features. EiTL is a sophisticated product feature made possible by Ikigai's technology.

EiTL, together with LGM models will eventually strengthen the model accuracy by integrating human expertise. To identify new risks and fraud tendencies in managed detection and response (MDR) situations, EiTL would integrate human experience with machine learning algorithms. EiTL's real-time AI system inputs have the potential to enhance MDR teams' threat identification and response capabilities.

A Constant Battle Between Apple and Zero-Day Security Vulnerabilities

 


Recently, there has been a noticeable increase in the number of attackers targeting Apple, especially by using zero-day exploits. Among the main reasons why hackers like zero-day exploits so much are because they might just become the most valuable asset in a hacker's portfolio. As of 2022, Apple has discovered seven zero-day vulnerabilities in its products and has followed up on these discoveries with relevant updates to address these issues. Even so, it seems as though there will not be an end to this classic cat-and-mouse game anytime soon.

During 2021, there were more than double the amount of zero-days recorded, compared to the same year in 2020. This is the highest level since tracking began in 2014, with the number of zero-days increasing every year since then – the trend has been demonstrated by the repository maintained by Project Zero. 

As described by the MIT Technology Review, the increase in hacking over the past few years has been attributed to the rapid proliferation of hacking tools globally and the willingness of powerful state and non-state groups to invest handsomely in discovering and infiltrating these operating systems. Threat actors actively search for vulnerabilities and then sell the information about those vulnerabilities to the highest bidder.

Apple has repeatedly been compromised by these attackers. In 2022, Apple, one of the four most dominating IT companies in the world, is advancing into a year where it is welcoming a new year with two zero-day bugs in its operating systems, a WebKit flaw that could have left users' browsing data vulnerable and after recovering from 12 recorded exploits and remediations in 2021, they have been hit by two zero-day bugs in their operating systems. 

The company released 23 security patches less than one month after it discovered these issues. A new flaw was discovered that could be exploited by attackers to exploit a user's device if certain malicious websites are loaded onto a user's device, leading to an infection of their device.

Keeping this in mind, if we fast forward to August 17 of this year, we learn Apple has discovered two new vulnerabilities in its operating system  CVE-2022-32893 and CVE-2022-32894. The first vulnerability is a remote code execution (RCE) vulnerability in Apple's Safari Web browser kit, which is used by all browsers that are iOS-enabled and macOS-enabled. As for the second vulnerability, another RCE vulnerability, it gives attackers complete access to the user's software and hardware without any limitations. 

In the past couple of weeks, two major vulnerabilities have been found that affect a wide variety of Apple devices  especially the iPhone 6 and later models, the iPad Pro, iPad Air 2 onwards, iPad 5th generation and newer models, iPad mini 4 and newer versions, iPod touch (7th generation), and macOS Monterey. The officials updated the security systems to create a protected environment against “actively exploited” vulnerabilities.

The research team at Digital Shadows prepared a report which included that the Zero-day exploits sell for up to $10 million, which is the most expensive commodity in a rather wide array of cybercrime. The report further added that these exploits in the market are bound to expand and provoke more cyber threats.