AI EXPRESS
  • AI
    AI regulation: A state-by-state roundup of AI bills

    AI regulation: A state-by-state roundup of AI bills

    Iterable optimizes AI to hyper-personalize marketing and predict future purchases

    Iterable optimizes AI to hyper-personalize marketing and predict future purchases

    The future of robotics | VentureBeat

    Nvidia launches new metaverse efforts at SIGGRAPH

    Amazon iRobot play takes ambient intelligence efforts to next level

    Amazon iRobot play takes ambient intelligence efforts to next level

    NNAISENSE announces release of EvoTorch, a rare open-source evolutionary algorithm

    NNAISENSE announces release of EvoTorch, a rare open-source evolutionary algorithm

    What Do You Think Life Will Be In 2050?

    What Do You Think Life Will Be In 2050?

  • ML
    Create Amazon SageMaker model building pipelines and deploy R models using RStudio on Amazon SageMaker

    Create Amazon SageMaker model building pipelines and deploy R models using RStudio on Amazon SageMaker

    MLOps at the edge with Amazon SageMaker Edge Manager and AWS IoT Greengrass

    MLOps at the edge with Amazon SageMaker Edge Manager and AWS IoT Greengrass

    python dictionary append

    Python dictionary append: How to do it?

    Promote feature discovery and reuse across your organization using Amazon SageMaker Feature Store and its feature-level metadata capability

    Promote feature discovery and reuse across your organization using Amazon SageMaker Feature Store and its feature-level metadata capability

    Optimal pricing for maximum profit using Amazon SageMaker

    Optimal pricing for maximum profit using Amazon SageMaker

    Amazon Comprehend announces lower annotation limits for custom entity recognition

    Amazon Comprehend announces lower annotation limits for custom entity recognition

    python __init__

    Python __init__: An Overview – Great Learning

    Scale YOLOv5 inference with Amazon SageMaker endpoints and AWS Lambda

    Scale YOLOv5 inference with Amazon SageMaker endpoints and AWS Lambda

    Simplify iterative machine learning model development by adding features to existing feature groups in Amazon SageMaker Feature Store

    Simplify iterative machine learning model development by adding features to existing feature groups in Amazon SageMaker Feature Store

  • NLP
    abstract image of robot and AI in the supply chain

    AI has Room to Grow in the Supply Chain

    rpa

    RPA gathers steam with Siri-like NLP

    Klangoo FinTech Challenge Winners Announced

    Klangoo FinTech Challenge Winners Announced

    The 10 Best SaaS Companies of 2022 

    The 10 Best SaaS Companies of 2022 

    Real-time Analytics News for Week Ending April 2

    Real-time Analytics News for Week Ending August 6

    You Need To Stop Doing This On Your AI Projects

    You Need To Stop Doing This On Your AI Projects

    Holographic exhibit of Jewish survivors, and more, comes to Aspen

    Holographic exhibit of Jewish survivors, and more, comes to Aspen

    Supply Chain: How AI can bring transparency and visibility to supply chains, improve security and traceability of products

    Supply Chain: How AI can bring transparency and visibility to supply chains, improve security and traceability of products

    Struggling with drug labels data? Why you should consider natural language processing

    Struggling with drug labels data? Why you should consider natural language processing

  • Vision
    Deep Learning for Image Dehazing- The What, Why, and How

    Deep Learning for Image Dehazing- The What, Why, and How

    How to train and use a custom YOLOv7 model

    How to train and use a custom YOLOv7 model

    viso.ai Logo

    Deep Learning for Person Re-Identification (2022)

    NVIDIA Jetson AGX Orin 32GB Production Modules Now Available; Partner Ecosystem Appliances and Servers Arrive

    NVIDIA Jetson AGX Orin 32GB Production Modules Now Available; Partner Ecosystem Appliances and Servers Arrive

    viso.ai Logo

    Guide to Generative Adversarial Networks (GANs) in 2022

    viso.ai Logo

    14 Applications of Computer Vision in Construction (2022 Guide)

    Pattern Matching With Normalised Greyscale Correlation

    Pattern Matching With Normalised Greyscale Correlation

    Filters In Convolutional Neural Networks

    Filters In Convolutional Neural Networks

    Inside the Artificial Intelligence program that creates images from textual descriptions

    Inside the Artificial Intelligence program that creates images from textual descriptions

  • Robotics
    stradvision

    StradVision brings in $88M for autonomous vehicle software

    slamcore

    SLAMcore expands into China, Korea with Intralink

    Waku Robotics secures $1.64M seed round

    Waku Robotics secures $1.64M seed round

    ouster sensors

    LiDAR maker Ouster brings in $10.3M, loses $28M in Q2

    Geek+

    Geek+ raises another $100M for AMRs

    robotire

    RoboTire installs its first system at Discount Tire

    Amazon to acquire iRobot; Robotics at DHL with Sally Miller

    Amazon to acquire iRobot; Robotics at DHL with Sally Miller

    amazon

    Inside Amazon’s robotics ecosystem – The Robot Report

    Amazon buying iRobot for $1.7B

    Amazon buying iRobot for $1.7B

  • RPA
    How to Create a Rock Solid Technology Portfolio with Hyperautomation?| AutomationEdge

    How to Create a Rock Solid Technology Portfolio with Hyperautomation?| AutomationEdge

    Unlocking the Top Healthcare Automation Trends with Use Cases that Rule the World| AutomationEdge

    Unlocking the Top Healthcare Automation Trends with Use Cases that Rule the World| AutomationEdge

    Staying Ahead of the Time with AI-Powered Customer Experience

    Staying Ahead of the Time with AI-Powered Customer Experience| AutomationEdge

    Why is Developing Decision Intelligence with AI Support Crucial in Healthcare?

    Why is Developing Decision Intelligence with AI Support Crucial in Healthcare?

    Robotic Process Automation using Blue Prism

    Robotic Process Automation using Blue Prism

    AI- The Tech Medicine Ameliorating the Healthcare Industry?

    AI- The Tech Medicine Ameliorating the Healthcare Industry?| AutomationEdge

    Take employee experience into hyperdrive with Hyperautomation

    Hyperautomation- Your Answer to Enhance Employee Experience| AutomationEdge

    Know Why Automation Now Resides in the Heart of Customer Contact Centers| AutomationEdge

    Know Why Automation Now Resides in the Heart of Customer Contact Centers| AutomationEdge

    Conversational AI, Healing the Healthcare Industry| AutomationEdge

    Conversational AI, Healing the Healthcare Industry| AutomationEdge

  • Gaming
    Udyr rework revealed in full, as League of Legends' beloved shaman gets a visual and kit upgrade

    Udyr rework revealed in full, as League of Legends’ beloved shaman gets a visual and kit upgrade

    Dragon Quest Builders 2 showed us the potential of Minecraft clones – so where's Dragon Quest Builders 3?

    Dragon Quest Builders 2 showed us the potential of Minecraft clones – so where’s Dragon Quest Builders 3?

    Oops! Nintendo Almost Leaked The Splatoon 3 Direct A Day Early

    Oops! Nintendo Almost Leaked The Splatoon 3 Direct A Day Early

    Pac-Man munching his way onto the silver screen with a live action movie in development

    Pac-Man munching his way onto the silver screen with a live action movie in development

    Elden Ring patch 1.06 brings gifts for heavy weapon users, and White Mask Varre fans who don't care for PvP

    Elden Ring patch 1.06 brings gifts for heavy weapon users, and White Mask Varre fans who don’t care for PvP

    If you want rollback netcode, you’re going to have to play Dragon Ball FighterZ on PS5, Xbox Series X/S, or PC

    If you want rollback netcode, you’re going to have to play Dragon Ball FighterZ on PS5, Xbox Series X/S, or PC

    Star Wars: KOTOR II Premium And Master Physical Editions Revealed For Switch

    Star Wars: KOTOR II Premium And Master Physical Editions Revealed For Switch

    EVO was dominated by rollback netcode announcements, and I couldn't be happier

    EVO was dominated by rollback netcode announcements, and I couldn’t be happier

    Resident Evil Remakes are fine and all - but I’d trade them for more Dead Rising

    Resident Evil Remakes are fine and all – but I’d trade them for more Dead Rising

  • Investment
    Bluestem-Biosciences-Logo

    Bluestem Biosciences Closes $5M Pre-Seed Funding

    salvo health

    Salvo Health Raises $10.5M in Seed Funding

    ReturnLogic

    ReturnLogic Raises $8.5M in Series A Funding

    WiTricity

    WiTricity Closes $63 Million Funding Round

    precitaste

    PreciTaste Raises $24M in Series A Funding

    Oliver Space

    Oliver Space Raises $36M in Funding

    snkrz

    SNKRZ Closes Funding Round

    kargo

    Kargo Buys Ziggeo – FinSMEs

    Mana Interactive Raises Over $7M IN Seed Funding

    DD360 Raises US$25M Equity Investment From Creation Investments

  • More
    • Data analytics
    • Apps
    • No Code
    • Cloud
    • Quantum Computing
    • Security
    • AR & VR
    • Esports
    • IOT
    • Smart Home
    • Smart City
    • Crypto Currency
    • Blockchain
    • Reviews
    • Video
No Result
View All Result
AI EXPRESS
No Result
View All Result
Home Security

What counts as ‘malware’? AWS clarifies its definition

by
April 8, 2022
in Security
0
Ukraine deserves an IT army. We have to live with the fallout
0
SHARES
0
VIEWS
Share on FacebookShare on Twitter

We’re excited to convey Rework 2022 again in-person July 19 and nearly July 20 – 28. Be part of AI and knowledge leaders for insightful talks and thrilling networking alternatives. Register at this time!


Amazon Net Companies had sturdy phrases this week about analysis revealed on a brand new pressure of malware, which was found in its serverless computing service, AWS Lambda.

In a press release (screengrab shared beneath), the general public cloud big went to some lengths to dispute the findings — and within the course of, made an uncommon assertion.

Particularly, the AWS assertion circulated this week to a number of media shops together with VentureBeat mischaracterized what constitutes “malware,” numerous safety consultants confirmed.

The assertion got here in response to research concerning the “Denonia” cryptocurrency mining software program, found by Cado Safety researchers in a Lambda serverless surroundings.

From the AWS assertion: “For the reason that software program depends completely on fraudulently obtained account credentials, it’s a distortion of details to even seek advice from it as malware as a result of it lacks the flexibility to achieve unauthorized entry to any system by itself.”

It’s the second line right here — “it’s a distortion of details to even seek advice from it as malware” — that isn’t appropriate, in accordance with safety consultants.

“Software program doesn’t have to achieve unauthorized entry to a system by itself so as to be thought of malware,” mentioned Allan Liska, intelligence analyst at Recorded Future. “In reality, a lot of the software program that we classify as malware doesn’t achieve unauthorized entry and is as an alternative deployed in a later stage of the assault.”

See also  'BRATA' Android Malware Can Steal Your Data & Wipe Your Smartphone

Malicious intent

Defining the character of a chunk of software program is all concerning the intention of the individual utilizing it, in accordance with Ken Westin, director of safety technique at Cybereason.

Merely put: “If their purpose is to compromise an asset or data with it, then it’s thought of malware,” Westin mentioned.

Some malware variants do have the aptitude to autonomously achieve unauthorized entry to methods, mentioned Alexis Dorais-Joncas, safety intelligence workforce lead at ESET. Probably the most well-known circumstances is NotPetya, which massively unfold by itself, by way of the web, by exploiting a software program vulnerability in Home windows, Dorais-Joncas famous.

Nonetheless, “the overwhelming majority of all packages ESET considers malware do not need that functionality,” he mentioned.

Thus, within the case of Denonia, the one issue that actually issues is that the code was meant to run with out authorization, mentioned Stel Valavanis, founder and CEO of OnShore Safety.

“That’s malware by intent,” Valavanis mentioned.

Cryptomining software program

Denonia seemed to be a custom-made variant of XMRig, a well-liked cryptominer, famous Avi Shua, cofounder and CEO at Orca Safety.

Whereas XMRig can be utilized for non-malicious cryptomining, the overwhelming majority of safety distributors take into account it to be malware, Shua mentioned, citing knowledge from risk intelligence website VirusTotal.

“It’s fairly clear that [Denonia] was malicious,” he mentioned.

The underside line, in accordance with Huntress senior risk researcher Greg Ake, is that malware is “software program with a malicious intent.”

“I might assume an inexpensive jury of friends would discover software program that was put in with the intent to abuse obtainable pc assets — with out the proprietor’s consent, utilizing stolen credentials for private revenue and achieve — could be categorized as malicious intent,” Ake mentioned.

See also  Permiso gets $10M for identity-based public cloud security

Not a worm

Nonetheless, whereas Denonia is clearly malware, AWS Lambda will not be “susceptible” to it, per se, in accordance with Bogdan Botezatu, director of risk analysis and reporting at Bitdefender.

The malware was seemingly planted via stolen credentials, and “issues would have been utterly completely different if the Denonia malware would be capable to unfold itself from one Labmda occasion to a different — reasonably than get copied on cases via stolen credentials,” Botezatu mentioned. “This could make it a worm, which might have devastating penalties.”

And this distinction, finally, appears to have been the actual level that AWS was making an attempt to make.

VentureBeat contacted AWS for touch upon the truth that many safety consultants don’t agree that deeming Denonia to be malware is a “distortion of details.” The cloud big responded Friday with a brand new assertion — suggesting that what the corporate meant to say was that Denonia will not be actually “Lambda-focused malware.”

“Calling Denonia a Lambda-focused malware is a distortion of truth, because it doesn’t use any vulnerability within the Lambda service,” AWS mentioned within the new assertion.

“Denonia doesn’t goal Lambda utilizing any of the actions included within the accepted definition of malware,” the assertion says. “It’s merely malicious software program configured to efficiently execute by way of Lambda, not due to Lambda or with any Lambda-exclusive achieve.”

So there you could have it. The sooner AWS assertion is included beneath.

Screengrab of AWS assertion responding to protection of the “Denonia” analysis, 4/6/22

Source link

Tags: AWSClarifiescountsDefinitionmalware
Previous Post

Unsouled Is A ‘Brutally Intense’ Action-RPG That’s All About Precision Combat

Next Post

LTZ Therapeutics Raises $17M in Pre-Series A Financing

Next Post
cancer

LTZ Therapeutics Raises $17M in Pre-Series A Financing

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Newsletter

Popular Stories

  • Cilium launches eBPF-powered Kubernetes service mesh

    Don’t overengineer your cloud architecture

    0 shares
    Share 0 Tweet 0
  • LG TV Owners Can Get 90 Days Of Stadia Pro For Free

    0 shares
    Share 0 Tweet 0
  • Li Industries Raises $7M in Series A Financing

    0 shares
    Share 0 Tweet 0
  • Redfall is making a 30 minute-long appearance at QuakeCon

    0 shares
    Share 0 Tweet 0
  • New protonic programmable resistors improve AI speed and efficiency

    0 shares
    Share 0 Tweet 0

Security Jobs

View 115 Security Jobs at Tesla

View 165 Security Jobs at Nvidia

View 105 Security Jobs at Google

View 135 Security Jobs at Amamzon

View 131 Security Jobs at IBM

View 95 Security Jobs at Microsoft

View 205 Security Jobs at Meta

View 192 Security Jobs at Intel

Accounting and Finance Hub

Raised Seed, Series A, B, C Funding Round

Get a Free Insurance Quote

Try Our Accounting Service

AI EXPRESS

AI EXPRESS is a news site that covers the latest developments in Artificial Intelligence, Data Analytics, ML & DL, Algorithms, RPA, NLP, Robotics, Smart Homes & Cities, Cloud & Quantum Computing, AR & VR and Blockchains

Categories

  • AI
  • Ai videos
  • Apps
  • AR & VR
  • Blockchain
  • Cloud
  • Computer Vision
  • Crypto Currency
  • Data analytics
  • Esports
  • Gaming
  • Gaming Videos
  • Investment
  • IOT
  • Iot Videos
  • Low Code No Code
  • Machine Learning
  • NLP
  • Quantum Computing
  • Robotics
  • Robotics Videos
  • RPA
  • Security
  • Smart City
  • Smart Home

Quick Links

  • Reviews
  • Deals
  • Best
  • AI Jobs
  • AI Events
  • AI Directory
  • Industries

© 2021 Aiexpress.io - All rights reserved.

  • Contact
  • Privacy Policy
  • Terms & Conditions

No Result
View All Result
  • AI
  • ML
  • NLP
  • Vision
  • Robotics
  • RPA
  • Gaming
  • Investment
  • More
    • Data analytics
    • Apps
    • No Code
    • Cloud
    • Quantum Computing
    • Security
    • AR & VR
    • Esports
    • IOT
    • Smart Home
    • Smart City
    • Crypto Currency
    • Blockchain
    • Reviews
    • Video

© 2021 Aiexpress.io - All rights reserved.