Whaling is much like phishing, but hackers target more lucrative targets. Also, unlike phishing, whaling involves targeting fewer individuals and with more specific attacks. SIMEON TASSEV, offers some tips to prevent a company from becoming a whaling target.
One of the largest online security threats to individuals and businesses today doesn’t come from new sophisticated malware tools, but rather from distinctly low-tech phishing and whaling campaigns. A recent survey of IT experts from the US, UK, South Africa and Australia exposed the reality that cyber threats are increasing both in volume and size, and that up to 55% of organisations have seen a rise in whaling email attacks over the last three months of 2015. What is the difference between whaling and phishing? Realistically, “whaling” is just another term for “phishing”, the difference between the two lies in the size of the fish, and thus “whaling” refers to bigger, more lucrative targets.
Whaling involves targeting fewer individuals but the attacks are more specific. Whereas phishing is based on volume, whaling is the opposite and targets a much smaller audience, which is usually an organisation’s “big phish”. These are usually high-value individuals whose credentials or access to data, if compromised, could endanger the entire business; which is why these kind of attacks are also called “Business Email Compromise” attacks. These kinds of threats are harder to detect because they are stealthier and fewer in number than widespread phishing campaigns. Targets of choice for whalers include senior executives and high-level officials in private businesses, as well as those with privileged access to government information.
The anatomy of a whaling attack
Whaling attacks are generally directed at business executives at large organisations and the intention behind these attacks is to trick financial staff into making fraudulent wire transfers to bank accounts controlled by whalers. How do these attackers get it right? Their targeted campaigns typically involve emails that appear to be from the CEO, Chief Financial Officer or other senior executive to an individual within the company who holds the authority to make electronic transfers on behalf of the organisation.
These emails make use of compelling language that conveys a sense of urgency to get the recipient to act as quickly as possible in response to the email. An example of such an attack is where an email comes through, purportedly from the CEO, asking finance staff to rush through a payment to a supplier that the executive cannot handle because they are out of the office.
Attacks from the inside
Research shows that most whaling attacks pretend to be from the CEO (72%), while 36% had seen whaling emails attributed to the CFO, which means that this type of targeted attack relies on a significant amount of prior research into the targeted organisation to allow attackers to identify their target correctly and obtain the most successful result possible. Whalers do their research on corporate databases and make use of social networking sites like Facebook, LinkedIn and Twitter to trawl for information. It is because whaling emails rely on social engineering to trick their targets into doing something, rather than tricking them to click on a hyperlink or malicious attachment, that whaling emails are harder to detect when compared to phishing emails.
Protecting your company from whaling attacks
From an organisational point of view, such attacks can be approached with the same mindset applied for corporate espionage security, as they are essentially the same. The controls are still along the lines of anti-phishing technology which is linked to email, but because of the targeted nature of the whaling attack, it can be a lot more difficult for technology to pick up, which is why it’s important to add an awareness element to preventive measures taken.
This means educating senior management, key personnel and finance teams about this specific kind of attack and asking them to be more suspicious of requests received through email. While there are technologies that can be used to confirm, for example, the originator’s email, it is incumbent on the recipient to confirm or identify the source of communication before they take action on the email and to this end, finance team procedures will need to be reviewed in order to prevent whaling, specifically how payments to external third parties are authorised.
Furthermore, senior executives need to be careful what kind of contact information is available for them in the public domain. This means that a company should have a policy in place which refers to access control to and disclosure of senior personnel contact information. Realistically, someone may not have an issue giving a contact number for the help desk, but they should have an issue giving a contact number for their senior executives and access controls should be implemented to hinder information gathering tactics.
It is also advisable to make use of various technological measures that simplify the matter. In terms of validating the source of emails, like with phishing, whaling emails can have the source of the email description and the technical structure of the email validated, using targeted threat prevention solutions integrated with email security. Also useful is inbound email stationery that marks and alerts personnel to emails that have come from outside the corporate network. Additionally, domain name registration alerts can be used to notify an organisation when domains are created that closely resemble that corporate’s domain, making it that much harder for a whaler to launch a successful attack from within.
- Simeon Tassev, Director and QSA, Galix Networking
Now IBM’s Watson joins IoT revolution in agriculture
Global expansion of the Watson Decision Platform taps into AI, weather and IoT data to boost production
IBM has announced the global expansion of Watson Decision Platform for Agriculture, with AI technology tailored for new crops and specific regions to help feed a growing population. For the first time, IBM is providing a global agriculture solution that combines predictive technology with data from The Weather Company, an IBM Business, and IoT data to help give farmers around the world greater insights about planning, ploughing, planting, spraying and harvesting.
By 2050, the world will need to feed two billion more people without an increase in arable land . IBM is combining power weather data – including historical, current and forecast data and weather prediction models from The Weather Company – with crop models to help improve yield forecast accuracy, generate value, and increase both farm production and profitability.
Roric Paulman, owner/operator of Paulman Farms in Southwest Nebraska, said: “As a farmer, the wild card is always weather. IBM overlays weather details with my own data and historical information to help me apply, verify, and make decisions. For example, our farm is in a highly restricted water basin, so the ability to better anticipate rain not only saves me money but also helps me save precious natural resources.”
New crop models include corn, wheat, soy, cotton, sorghum, barley, sugar cane and potato, with more coming soon. These models will now be available in the Africa, U.S. Canada, Mexico, and Brazil, as well as new markets across Europe and Australia.
Kristen Lauria, general manager of Watson Media and Weather Solutions at IBM, said: “These days farmers don’t just farm food, they also cultivate data – from drones flying over fields to smart irrigation systems, and IoT sensors affixed to combines, seeders, sprayers and other equipment. Most of the time, this data is left on the vine — never analysed or used to derive insights. Watson Decision Platform for Agriculture aims to change that by offering tools and solutions to help growers make more informed decisions about their crops.”
The average farm generates an estimated 500,000 data points per day, which will grow to 4 million data points by 2036 . Applying AI and analysis to aggregated field, machine and environmental data can help improve shared insights between growers and enterprises across the agriculture ecosystem. With a better view of the fields, growers can see what’s working on certain farms and share best practices with other farmers. The platform assesses data in an electronic field record to identify and communicate crop management patterns and insights. Enterprise businesses such as food companies, grain processors, or produce distributors can then work with farmers to leverage those insights. It helps track crop yield as well as the environmental, weather and plant biologic conditions that go into a good or bad yield, such as irrigation management, pest and disease risk analysis and cohort analysis for comparing similar subsets of fields.
The result isn’t just more productive farmers. Watson Decision Platform for Agriculture could help a livestock company eliminate a certain mold or fungus from feed supply grains or help identify the best crop irrigation practices for farmers to use in drought-stricken areas like California. It could help deliver the perfect French fry for a fast food chain that needs longer – not fatter – potatoes from its network of growers. Or it could help a beer distributor produce a more affordable premium beer by growing higher quality barley that meets the standard required to become malting barley.
Watson Decision Platform for Agriculture is built on IBM PAIRS Geoscope from IBM Research, which quickly processes massive, complex geospatial and time-based datasets collected by satellites, drones, aerial flights, millions of IoT sensors and weather models. It crunches large, complex data and creates insights quickly and easily so farmers and food companies can focus on growing crops for global communities.
IBM and The Weather Company help the agriculture industry find value in weather insights. IBM Research collaborates with start up Hello Tractor to integrate The Weather Company data, remote sensing data (e.g., satellite), and IoT data from tractors. IBM also works with crop nutrition leader Yara to include hyperlocal weather forecasts in its digital platform for real-time recommendations, tailored to specific fields or crops. IBM acquired The Weather Company in 2016 and has since been helping clients better understand and mitigate the cost of weather on their businesses. The global expansion of Watson Decision Platform for Agriculture is the latest innovation in IBM’s efforts to make weather a more predictable business consideration. Also just announced, Weather Signals is a new AI-based tool that merges The Weather Company data with a company’s own operations data to reveal how minor fluctuations in weather affects business.
The combination of rich weather forecast data from The Weather Company and IBM’s AI and Cloud technologies is designed to provide a unique capability, which is being leveraged by agriculture, energy and utility companies, airlines, retailers and many others to make informed business decisions.
 The UN Department of Economic and Social Affairs, “World Population Prospects: The 2017 Revision”
 Business Insider Intelligence, 2016 report: https://www.businessinsider.com/internet-of-things-smart-agriculture-2016-10
What if Amazon used AI to take on factories?
By ANTONY BOURNE, IFS Global Industry Director for Manufacturing
Amazon recently announced record profits of $3.03bn, breaking its own record for the third consecutive time. However, Amazon appears to be at a crossroads as to where it heads next. Beyond pouring additional energy into Amazon Prime, many have wondered whether the company may decide to enter an entirely new sector such as manufacturing to drive future growth, after all, it seems a logical step for the company with its finger in so many pies.
At this point, it is unclear whether Amazon would truly ‘get its hands dirty’ by manufacturing its own products on a grand scale. But what if it did? It’s worth exploring this reality. What if Amazon did decide to move into manufacturing, a sector dominated by traditional firms and one that is yet to see an explosive tech rival enter? After all, many similarly positioned tech giants have stuck to providing data analytics services or consulting to these firms rather than genuinely engaging with and analysing manufacturing techniques directly.
If Amazon did factories
If Amazon decided to take a step into manufacturing, it is likely that they could use the Echo range as a template of what AI can achieve. In recent years,Amazon gained expertise on the way to designing its Echo home speaker range that features Alexa, an artificial intelligence and IoT-based digital assistant.Amazon could replicate a similar form with the deployment of AI and Industrial IoT (IIoT) to create an autonomously-run smart manufacturing plant. Such a plant could feature IIoT sensors to enable the machinery to be run remotely and self-aware; managing external inputs and outputs such as supply deliveries and the shipping of finished goods. Just-in-time logistics would remove the need for warehousing while other machines could be placed in charge of maintenance using AI and remote access. Through this, Amazon could radically reduce the need for human labour and interaction in manufacturing as the use of AI, IIoT and data analytics will leave only the human role for monitoring and strategic evaluation. Amazon has been using autonomous robots in their logistics and distribution centres since 2017. As demonstrated with the Echo range, this technology is available now, with the full capabilities of Blockchain and 5G soon to be realised and allowing an exponentially-increased amount of data to be received, processed and communicated.
Manufacturing with knowledge
Theorising what Amazon’s manufacturing debut would look like provides a stark learning opportunity for traditional manufacturers. After all, wheneverAmazon has entered the fray in other traditional industries such as retail and logistics, the sector has never remained the same again. The key takeaway for manufacturers is that now is the time to start leveraging the sort of technologies and approaches to data management that Amazon is already doing in its current operations. When thinking about how to implement AI and new technologies in existing environments, specific end-business goals and targets must be considered, or else the end result will fail to live up to the most optimistic of expectations. As with any target and goal, the more targeted your objectives, the more competitive and transformative your results. Once specific targets and deliverables have been considered, the resources and methods of implementation must also be considered. As Amazon did with early automation of their distribution and logistics centres, manufacturers need to implement change gradually and be focused on achieving small and incremental results that will generate wider momentum and the appetite to lead more expansive changes.
In implementing newer technologies, manufacturers need to bear in mind two fundamental aspects of implementation: software and hardware solutions. Enterprise Resource Planning (ERP) software, which is increasingly bolstered by AI, will enable manufacturers to leverage the data from connected IoT devices, sensors, and automated systems from the factory floor and the wider business. ERP software will be the key to making strategic decisions and executing routine operational tasks more efficiently. This will allow manufacturers to keep on top of trends and deliver real-time forecasting and spot any potential problems before they impact the wider business.
As for the hardware, stock management drones and sensor-embedded hardware will be the eyes through which manufacturers view the impact emerging technologies bring to their operations. Unlike manual stock audits and counting, drones with AI capabilities can monitor stock intelligently around production so that operations are not disrupted or halted. Manufacturers will be able to see what is working, what is going wrong, and where there is potential for further improvement and change.
Knowledge for manufacturing
For many traditional manufacturers, they may see Amazon as a looming threat, and smart-factory technologies such as AI and Robotic Process Automation (RPA) as a far off utopia. However, 2019 presents a perfect opportunity for manufacturers themselves to really determine how the tech giants and emerging technologies will affect the industry. Technologies such as AI and IoT are available today; and the full benefits of these technologies will only deepen as they are implemented alongside the maturing of other emerging technologies such as 5G and Blockchain in the next 3-5 years. Manufacturers need to analyse the needs which these technologies can address and produce a proper plan on how to gradually implement these technologies to address specific targets and deliverables. AI-based software and hardware solutions will fundamentally revolutionise manufacturing, yet for 2019, manufacturers just have to be willing to make the first steps in modernisation.