Trustpilot Set to Sue Firms That Solicit Fake Reviews

Trustpilot said today that it is planning legal action against businesses involved in soliciting fraudulent reviews on its site.

The Danish consumer reviews platform said it was forced to remove over two million fake reviews in 2020 alone, accounting for nearly 6% of those submitted to its site that year.

Although the firm is investing in automated fraud, enforcement and anomaly detection technologies, it said this will now be matched by a step-up in litigation efforts.

Repeat offenders will be hit with enforcement action. Trustpilot said it would seek to prevent them from soliciting fake reviews and try to recover any damages owed. If successful, these will be donated to organizations that protect consumers from online misinformation.

Other tools at Trustpilot’s disposal are cease and desist notices, termination of business, and public banners on offending firms’ profile pages indicating fraud.

“Consumers rely heavily on reviews to make more informed and confident purchasing decisions each and every day. Protecting and promoting trust is fundamental to Trustpilot’s mission,” said the digital firm’s chief trust officer, Carolyn Jameson.

“Whilst the vast majority of businesses use reviews constructively to help get them closer to their customers, we’re prepared to do everything within our power to clamp down on the small minority who do not behave as they should, and instead use fake and misleading reviews to take advantage of consumers – often those consumers who are particularly vulnerable.”

Fake reviews are an increasing problem for platform providers, consumers and innocent vendors. A report out last year estimated that they could be responsible for as much as $152bn in purchases.

Also, last year, a misconfigured cloud database exposed a significant scheme by vendors using the Amazon marketplace to buy fake reviews from consumers. Vendors send reviewers a list of products to choose from, and if they leave a five-star review, the individual will get to keep the item.

At least 200,000 fake reviewers were implicated in this one scheme alone.

The situation has deteriorated to the point that regulators are stepping in. Last June, the UK’s Competition and Markets Authority (CMA) announced the opening of a formal probe into Amazon and Google over concerns that they’re not doing enough to protect consumers from fake reviews. 

NPM JavaScript registry suffers massive influx of malware, report says

The popular NPM JavaScript package manager and registry has been hit with an influx of malicious packages, the most harmful of which are related to data theft, crypto mining, botnets, and remote code execution, according to research from security company WhiteSource.

WhiteSource’s automated malware detection platform, WhiteSource Diffend, detected a total of 1,300 malicious packages on NPM, within a period of six months ended December 2021. 

All the malicious packages identified by WhiteSource were notified to NPM and were subsequently removed from the package registry.  

How Phishers Are Slinking Their Links Into LinkedIn

If you received a link to LinkedIn.com via email, SMS or instant message, would you click it? Spammers, phishers and other ne’er-do-wells are hoping you will, because they’ve long taken advantage of a marketing feature on the business networking site which lets them create a LinkedIn.com link that bounces your browser to other websites, such as phishing pages that mimic top online brands (but chiefly Linkedin’s parent firm Microsoft).

At issue is a “redirect” feature available to businesses that choose to market through LinkedIn.com. The LinkedIn redirect links allow customers to track the performance of ad campaigns, while promoting off-site resources. These links or “Slinks” all have a standard format: “https://www.linkedin.com/slink?code=” followed by a short alphanumeric variable.

Here’s the very first Slink created: http://www.linkedin.com/slink?code=1, which redirects to the homepage for LinkedIn Marketing Solutions.

The trouble is, there’s little to stop criminals from leveraging newly registered or hacked LinkedIn business accounts to create their own ad campaigns using Slinks. Urlscan.io, a free service that provides detailed reports on any scanned URLs, also offers a historical look at suspicious links submitted by other users. This search via Urlscan reveals dozens of recent phishing attacks that have leveraged the Slinks feature.

Here’s one example from Jan. 31 that uses Linkedin.com links to redirect anyone who clicks to a site that spoofs Adobe, and then prompts users to log in to their Microsoft email account to view a shared document.

A recent phishing site that abused LinkedIn’s marketing redirect. Image: Urlscan.io.

Urlscan also found this phishing scam from Jan. 12 that uses Slinks to spoof the U.S. Internal Revenue Service. Here’s a Feb. 3 example that leads to a phish targeting Amazon customers. This Nov. 26 sample from Urlscan shows a LinkedIn link redirecting to a Paypal phishing page.

Let me be clear that the activity described in this post is not new. Way back in 2016, security firm Fortinet blogged about LinkedIn’s redirect being used to promote phishing sites and online pharmacies. More recently in late 2021, Jeremy Fuchs of Avanan wrote that the use of a LinkedIn URL may mean that any profession — the market for LinkedIn — could click.

“Plus, more employees have access to billing and invoice information, meaning that a spray-and-pray campaign can be effective,” Fuchs wrote. “The idea is to create a link that contains a clean page, redirecting to a phishing page.”

In a statement provided to KrebsOnSecurity, Linkedin said it has “industry standard technologies in place for URL sharing and chained redirects that help us identify and prevent the spread of malware, phishing and spam.” LinkedIn also said it uses 3rd party services — such as Google Safe Browsing, Spamhaus, Microsoft, and others — to identify known-bad URLs.

KrebsOnSecurity couldn’t find any evidence of phishers recently using LinkedIn’s redirect to phish LinkedIn credentials, but that’s certainly not out of the question. In a less complex attack, an adversary could send an email appearing to be a connection request from LinkedIn that redirects through LinkedIn to a malicious or phishous site.

Also, malicious or phishous emails that leverage LinkedIn’s Slinks are unlikely to be blocked by anti-spam or anti-malware filters, because LinkedIn is widely considered a trusted domain, and the redirect obscures the link’s ultimate destination.
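The filtering gap described above is that a gateway which trusts linkedin.com as a domain also trusts every Slink, even though a Slink’s real destination is wherever the redirect lands. The following is an added example, not code from KrebsOnSecurity or LinkedIn, showing how a mail or URL filter can treat Slinks as links of unknown destination: it extracts URLs from a message body, recognises the Slink format quoted in the article, resolves the redirect through an injected resolver, and only grants LinkedIn’s reputation to links that actually stay on LinkedIn. The host list, the sample message, the Slink codes and the redirect table are all constructed for the example; in production the resolver would be an HTTP client that follows the chain in a sandbox.

```python
import re
from urllib.parse import urlparse

# Constructed pattern for the LinkedIn marketing redirect ("Slink") format the
# article quotes: https://www.linkedin.com/slink?code=<short alphanumeric code>
SLINK_RE = re.compile(
    r"^https?://(?:www\.)?linkedin\.com/slink\?code=([A-Za-z0-9]+)$", re.IGNORECASE
)
URL_RE = re.compile(r"https?://[^\s<>\"')]+")

# Hosts the filter may treat as "stays on LinkedIn". This set is an assumption
# for the example, not a list published by LinkedIn.
LINKEDIN_HOSTS = {"linkedin.com", "www.linkedin.com", "business.linkedin.com"}


def extract_urls(body):
    """Pull http(s) URLs out of a message body (plain text or simple HTML)."""
    return URL_RE.findall(body)


def slink_code(url):
    """Return the Slink code if the URL is a LinkedIn redirect link, else None."""
    m = SLINK_RE.match(url)
    return m.group(1) if m else None


def classify(url, resolve):
    """
    Decide how a URL filter should treat one link.

    `resolve(url)` returns the final landing URL after following redirects.
    It is injected so the example runs offline; a real deployment would follow
    the chain with an HTTP client inside a sandbox.

    Verdicts:
      "other"               not a LinkedIn URL at all
      "trusted-no-redirect" ordinary LinkedIn link, no Slink involved
      "redirect-onsite"     Slink whose destination stays on LinkedIn
      "redirect-offsite"    Slink bouncing to another domain: do not inherit
                            LinkedIn's reputation, scan the destination instead
    """
    host = urlparse(url).hostname or ""
    if host not in LINKEDIN_HOSTS:
        return "other"
    if slink_code(url) is None:
        return "trusted-no-redirect"
    final_host = urlparse(resolve(url)).hostname or ""
    if final_host in LINKEDIN_HOSTS:
        return "redirect-onsite"
    return "redirect-offsite"


def triage_message(body, resolve):
    """Map each URL found in a message to its verdict."""
    return {u: classify(u, resolve) for u in extract_urls(body)}


# Constructed redirect table standing in for live resolution. The codes and
# destination hosts are made up; ".test" is a reserved, non-resolving TLD.
SAMPLE_REDIRECTS = {
    "https://www.linkedin.com/slink?code=1": "https://business.linkedin.com/marketing-solutions",
    "https://www.linkedin.com/slink?code=zz9abc": "https://example-invalid-phish.test/share/login",
}

# Constructed sample message of the "shared document" kind described above.
SAMPLE_BODY = """\
A document was shared with you. Review it here:
https://www.linkedin.com/slink?code=zz9abc
Or visit our page https://www.linkedin.com/company/example-corp
Unsubscribe: https://mail.example.net/unsub
"""


def sample_resolver(url):
    # Unknown URLs resolve to themselves (no redirect observed).
    return SAMPLE_REDIRECTS.get(url, url)


if __name__ == "__main__":
    for url, verdict in triage_message(SAMPLE_BODY, sample_resolver).items():
        print(f"{verdict:20} {url}")
```

The design point is that the verdict is attached to the resolved destination, not to the domain the user sees; a "redirect-offsite" link is then handed to whatever URL scanning the gateway already applies to unknown domains.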

Linkedin’s parent company — Microsoft Corp — is by all accounts the most-phished brand on the Internet today. A report last year from Check Point found roughly 45 percent of all brand phishing attempts globally target Microsoft. Check Point said LinkedIn was the sixth most phished brand last year.

The best advice to sidestep phishing scams is to avoid clicking on links that arrive unbidden in emails, text messages and other mediums. Most phishing scams invoke a temporal element that warns of dire consequences should you fail to respond or act quickly. If you’re unsure whether the message is legitimate, take a deep breath and visit the site or service in question manually — ideally, using a browser bookmark to avoid potential typosquatting sites.

Google adds Python to its differential privacy repertoire

Google has announced it’s adding Python to the languages supported by one of its open-source projects designed to bolster privacy on the internet. The project includes a library and tools for using differential privacy, a technology designed to preserve an individual’s privacy in large data sets.

“Previously, our differential privacy library was available in three programming languages,” Miguel Guevara, a product manager in Google’s Privacy and Data Protection Office, wrote in the company’s developers blog. “Now, we’re making it available in Python, reaching nearly half of the developers worldwide. This means millions more developers, researchers and companies will be able to build applications with industry-leading privacy technology, enabling them to obtain insights and observe trends from their data sets while protecting and respecting the privacy of individuals.”

Education Provider Infosec Announces New Cybersecurity Scholarships

Cybersecurity education provider Infosec Institute is offering scholarships to 15 individuals from underrepresented groups in the cybersecurity industry. 

The $225k in scholarship opportunities will be meted out to veterans, people who identify as BIPOC, students, women who are actively pursuing a career in cybersecurity and members of the LGBTQI+ communities.

Infosec said awarding the scholarships was to reduce the cyber skills and diversity gaps in the industry.

The latest opportunities are part of the institute’s Accelerate Scholarship Program, which has awarded over $500k to aspiring cybersecurity professionals since it was set up in 2018.

Under the program, 15 scholarship recipients are selected each year to receive lifetime subscriptions to the virtual cybersecurity training resource Infosec Skills, which includes access to more than 1,400 practical courses, certification training and hundreds of virtual labs in the institute’s cloud-hosted cyber ranges.

“The need for trained cyber professionals continues to grow, and so does our commitment to helping aspiring professionals advance their careers or get started in this industry,” said Jack Koziol, Infosec CEO and founder. 

“Cybersecurity education can be cost and time prohibitive. Our goal with these scholarships is to break down the barrier of entry, helping fill security roles with talent who bring new perspectives and experiences to our industry.”

Applicants must be at least 18 years old to apply and must be resident in the United States. The deadline to apply for the 2022 Infosec Accelerate Scholarship Program is July 31 2022. Successful applicants will be announced in the first week of September.

The Infosec Accelerate Undergraduate Scholarship is open to college students actively pursuing an associate or bachelor’s degree in a cybersecurity-related field. To apply, students must have a GPA of 3.0 or higher. 

“Now in the fifth year of offering this program, we’re proud to support the growth of our scholarship winners,” said Koziol. 

“We’ve seen many successes with our previous recipients, the motivation and drive they have to learn is inspiring. We will continue to push for and provide opportunities for all types of people to excel in the cybersecurity industry.”

Iranian APT group uses previously undocumented Trojan for destructive access to organizations

Researchers have come across a previously undocumented Trojan used by an APT group of Iranian origin that has been targeting organizations in Israel but also other countries since last year with the intention of damaging their infrastructure.

The group, tracked as Moses Staff by researchers from security firm Cybereason, has been operating since at least September 2021 and its primary goal is to steal sensitive data. It also deploys file encrypting malware, but unlike ransomware, the goal is to cause business disruption and cover its tracks rather than financial gain.

Who is Moses Staff?

Moses Staff’s malicious activities were first documented last year by researchers from Check Point after a wave of attacks targeting organizations in Israel. Over the past two years there have been several groups targeting organizations in the country with ransomware-like attacks and lengthy negotiations, but Moses Staff stands out because its motivation is purely political.

DHS Creates Cyber Safety Review Board

The United States Department of Homeland Security has established a Cyber Safety Review Board (CSRB) to investigate “significant cyber incidents.” 

Mandated via President Joe Biden’s May 12 2021 executive order (EO 14028) on improving the nation’s cybersecurity, the board “shall review and assess, with respect to significant cyber incidents […] affecting Federal Civilian Executive Branch Information Systems or non-Federal systems, threat activity, vulnerabilities, mitigation activities and agency responses.”

The CSRB, which was chartered on September 21 2021, will only operate in an advisory capacity.

Rob Silvers, the DHS’ undersecretary for strategy, policy and plans, has been selected to chair the board for two years. Together with Cybersecurity and Infrastructure Security Agency director Jen Easterly, Silvers will choose up to 20 individuals to serve as board members.

CSRB will be formed by a mixture of government workers and private sector representatives who may need to obtain security clearances. According to instructions included in Biden’s EO, the person chosen to serve as the board’s deputy chair should work in the private sector. 

Members will include at least one representative from the Department of Defense, the Department of Justice, DHS, CISA, the National Security Agency and the Federal Bureau of Investigation. 

A notice published in the Federal Register on Thursday stated: “The CSRB will convene following significant cyber-incidents that trigger the establishment of a Cyber Unified Coordination Group as provided by section V(B)(2) of Presidential Policy Directive (PPD) 41; at any time as directed by the President acting through the Assistant to the President for National Security Affairs (APNSA); or at any time the Secretary or CISA Director deems necessary.”

After reviewing a cyber-incident, the CSRB “may develop advice, information, or recommendations for the Secretary for improving cybersecurity and incident response practices and policy.”

The notice said that CSRB’s advice on cybersecurity would be made publicly available “whenever possible” but that some information may be redacted to prevent the disclosure of sensitive data.

DHS secretary Alejandro Mayorkas has exempted the board from the transparency rules of the Federal Advisory Committee Act “in recognition of the sensitive material utilized in CSRB activities and discussions.”

BlackCat ransomware – what you need to know

BlackCat (also known as ALPHV) is a relatively new ransomware-as-a-service operation, which has been aggressively recruiting affiliates from other ransomware groups and targeting organisations worldwide.

Read more in my article on the Tripwire State of Security blog.

#Enigma2022: Contextual Security Should Supplement Machine Learning for Malware Detection

Malware continues to be one of the most effective attack vectors in use today, and it is often combatted with machine learning-powered security tools for intrusion detection and prevention systems.

According to Nidhi Rastogi, Assistant Professor at the Rochester Institute of Technology, machine learning security tools are not nearly as effective as they could be, because several different limitations often hinder them. Rastogi presented her views on the limitations of machine learning for security and a potential solution known as contextual security at a session on February 2 at the Enigma 2022 Conference.

A key challenge for contemporary machine learning security comes from false alerts. Rastogi explained the impact of false alerts is both wasted time by organizations and security gaps that could potentially expose an organization to unnecessary risk.

“It is very difficult to get rid of false positives and false negatives,” Rastogi said.

Why Machine Learning Models Generate False Alerts

Among the primary reasons machine learning models tend to generate false alerts is a lack of sufficient representative data.

Machine learning, by definition, is an approach where a machine learns how to do something that is often enabled by some form of training on a data set. If the training data set doesn’t have all the correct data, it cannot identify all malware accurately.

Rastogi said that one possible way to improve machine learning security models is to integrate a continuous learning model. In that approach, as new attack vectors and vulnerabilities are discovered, the new data is continuously being used to train the machine learning system.

Adding Context to Boost Malware Detection Efficacy

However, getting the right data to train a model is often easier said than done. Rastogi suggests providing additional context as an opportunity to improve malware detection and machine learning models.

The additional context can be derived from third-party and open source threat intelligence (OSINT) sources. Those sources provide threat reports and analysis on new and often novel attacks. The challenge with OSINT is that it is usually in the form of unstructured data, blog posts and other formats that don’t work particularly well to train a machine learning model.

“These reports are written in human-understandable language and provide context which otherwise wouldn’t be possible to capture in code,” Rastogi said.

Using Knowledge Graphs for Contextual Security

So how can unstructured data help to inform machine learning and improve malware detection? Rastogi and her team are attempting to use an approach known as a knowledge graph.

A knowledge graph uses what is known as a graph database, which maps the relationship between different data points. According to Rastogi, the biggest advantage of using knowledge graphs is that it enables an approach to capture and better understand unstructured information written in a language understood by humans.

“All of this combined data on a knowledge graph can help to identify or infer attack patterns when a malware threat is evolving,” she said. “That’s the advantage of using knowledge graphs, and that’s what our research is pursuing.”

By adding context and data lineage that help track the source of the data and its trustworthiness, Rastogi said that the overall accuracy of malware detection could be improved.
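To make the knowledge-graph idea concrete, here is an added example (my own illustration, not code from Rastogi’s research or any named tool): a small graph built from constructed threat-intelligence facts, where every edge records which report it came from and how much that source is trusted. Inference walks the graph from an observed sample to the techniques it can be linked to, and each conclusion carries a confidence (the weakest link in the chain) and a lineage (the list of sources that contributed). The fact triples, source names and trust scores are all made up for the example; the two technique identifiers are MITRE ATT&CK IDs used as illustration, and the article itself does not mention ATT&CK.

```python
from collections import defaultdict

# Constructed facts of the form (subject, relation, object, source, trust).
# Source names and trust scores are assumptions for the example; in practice
# they come from how much you trust each report, feed or blog post.
FACTS = [
    ("sample-A", "uses", "dll-sideloading", "vendor-blog-1", 0.9),
    ("sample-A", "communicates-with", "c2-host-1", "vendor-blog-1", 0.9),
    ("c2-host-1", "attributed-to", "group-X", "forum-post-7", 0.4),
    ("dll-sideloading", "mapped-to", "T1574.002", "attack-kb", 1.0),
    ("group-X", "uses", "spearphishing-attachment", "vendor-report-2", 0.8),
    ("spearphishing-attachment", "mapped-to", "T1566.001", "attack-kb", 1.0),
]


class KnowledgeGraph:
    """Directed graph whose edges keep their provenance (source, trust)."""

    def __init__(self):
        # subject -> list of (relation, object, source, trust)
        self.edges = defaultdict(list)

    def add(self, subject, relation, obj, source, trust):
        self.edges[subject].append((relation, obj, source, trust))

    def infer(self, start, target_relation, max_depth=4, min_confidence=0.0):
        """
        Return (node, confidence, lineage) for every node reachable from
        `start` through an edge labelled `target_relation`.

        confidence = minimum trust along the path (a chain is only as strong as
        its weakest report); lineage = the sources visited, in order, so an
        analyst can see exactly which reports an inference rests on.
        """
        results = []

        def walk(node, depth, confidence, lineage, seen):
            if depth > max_depth:
                return
            for relation, obj, source, trust in self.edges.get(node, []):
                if obj in seen:          # avoid cycles
                    continue
                conf = min(confidence, trust)
                path = lineage + [source]
                if relation == target_relation and conf >= min_confidence:
                    results.append((obj, conf, path))
                walk(obj, depth + 1, conf, path, seen | {obj})

        walk(start, 0, 1.0, [], {start})
        return sorted(results, key=lambda r: -r[1])


def build_graph(facts):
    kg = KnowledgeGraph()
    for subject, relation, obj, source, trust in facts:
        kg.add(subject, relation, obj, source, trust)
    return kg


if __name__ == "__main__":
    kg = build_graph(FACTS)
    for technique, confidence, lineage in kg.infer("sample-A", "mapped-to"):
        print(f"{technique}: confidence={confidence:.2f} via {' -> '.join(lineage)}")
```

Run on the constructed facts, the direct link to T1574.002 comes out at confidence 0.90, while the link to T1566.001 drops to 0.40 because it passes through a low-trust forum post; raising `min_confidence` to 0.5 keeps only the first. That is the practical value of lineage the article points to: the analyst can see which source is dragging the confidence down and decide whether to corroborate it rather than treating every inference as equally good.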

“We need to go beyond measuring the performance of machine learning models using accuracy and precision scores,” Rastogi said. “We want to be able to help analysts by inference with confidence and context.”

KP Snacks Hit by Cyber-attack

Brits could be facing a snack shortage following a cyber-attack on 169-year-old food producer KP Snacks.

The German-owned maker of KP Nuts, Hula Hoops, Choc Dips, Nik Naks and Butterkist popcorn was targeted by threat actors on Friday. After gaining access to the company’s network, hackers deployed ransomware and took the snack maker’s data hostage.

“As soon as we became aware of the incident, we enacted our cybersecurity response plan and engaged a leading forensic information technology firm and legal counsel to assist us in our investigation,” said the British-based firm, which is known internationally for its potato chips sold under brands that include McCoy’s, Tyrrell’s and POM-BEAR.

KP Snacks, which is owned by Intersnack, said that its internal IT teams are working with third-party experts to assess the situation.

Shoppers seeking their favorite snacks may go home disappointed as the website Better Retailing, which first published news of the attack, reported that retailers had been warned by KP Snacks of delays to deliveries. 

According to a letter sent out to shop owners and published by Better Retailing, KP Snacks “cannot safely process orders or dispatch goods” because of the cyber-attack.

Disruptions including late deliveries and cancellations could plague the snack maker “until the end of March at the earliest”. 

“While this is causing some disruption to our manufacturing and shipping processes, we are already working on plans to keep our products stocked and on shelves,” said the company in a statement. 

“We have been continuing to keep our employees, customers, and suppliers informed of any developments and apologize for any disruption this may have caused.”

BBC News reported that cyber-criminals have published on the dark net what appear to be personal documents from KP Snacks staff, featuring the company letterhead. The post threatened to publish more data unless a ransom was paid.

Keiron Holyome, vice president UK, Ireland, and Middle East at BlackBerry, commented: “This attack on KP Snacks underscores that the global cyber risk equally applies to British institutions and their supply chains, with KP Snacks now predicting shortages after a ransomware attack.

“It doesn’t matter whether it’s logistics, fuel or food – these supply chains present unique and complex challenges from a cybersecurity perspective.”
