What Kind of Professionals Work in Our Security Operations Center (SOC)?

ElevenPaths    16 April, 2020

From our Security Operations Center (SOC), located in 12 different points around the world, we offer Prevention, Detection and Response services that allow us to guarantee our clients’ privacy. However, this is only possible thanks to the work of our more than 400 experts.

This work is done 24 hours a day, 7 days a week, so that we can provide continuous and customized attention. To this end, we rely on different profiles:

Security Manager

  • Dialogue with the client
  • End-to-end management
  • Security governance

Technical Office

  • Client Vision
  • Administration and support
  • Security monitoring

Local Analyst

  • Classification of information
  • Client’s Contextualization
  • Technology experts

Team Leader (24/7)

  • SLA compliance (Service-Level Agreement)
  • KPI monitoring
  • Generation of Synergies

Service Coordinator

  • Service evolution
  • Contract monitoring
  • Asset Management

If you want to learn more about our SOC and how we work on it, don’t miss this interesting video:

Rebuilding Mocoa with Big Data

AI of Things    15 April, 2020

The possibilities for Big Data to contribute to social good are infinite, and it has proven itself to be an indispensable tool for achieving the Sustainable Development Goals by 2030.

The natural disaster that occurred in Mocoa, capital of Putumayo, in March 2017, affected more than 22,000 people, killed 332 and impacted 48 neighbourhoods. This event motivated the Centre for International Strategic Thinking (Cepei), Telefónica Movistar and LUCA to carry out a study using Big Data, consisting of the exploration of mobile connectivity data to understand how the population was displaced as a result of what happened between 31 March and 1 April 2017.

Through the analysis of anonymised and aggregated mobile data, it was possible to gain an understanding of the internal and external mobilisation processes before, during and after the tragedy. This type of analysis seeks to provide useful information in order to strengthen future planning and decision-making processes in the territory with respect to the management of natural disasters, and to provide special attention to the mobility and care of the population. The recording and monitoring of the impact generated by the tragedy was achieved using non-traditional sources of data to complement traditional data sources, such as official statistics. From this, a proper plan could be formulated with a focus on resilience and risk prevention, as stated in SDG target 13.1:

Strengthen resilience and adaptive capacity to climate-related hazards and natural disasters in all countries.

SDG target 13.1

For more information on what happened in Mocoa, see the story “Rebuilding Mocoa through data”, on the Data República platform, sponsored by Cepei. The results of the investigation, available on the platform, highlighted a decrease in mobilisation of 45% of the population in the days surrounding the tragedy, with the main places being Pasto, Sibundoy, Puerto Caicedo, Orito and Bogotá. Similarly, it was found that the population did not return to Mocoa as planned, suggesting that there was a failure to ensure the minimum quality of life conditions that had been envisaged.

Projects such as this one highlight the importance of generating public-private alliances, which allow for greater and improved data collection for decision making on issues affecting citizens. In particular, the project has demonstrated how useful mobile data can be as a source of population mobility, especially relevant in situations of crisis or emergency.

To stay up to date with LUCA, visit our Webpage, subscribe to LUCA Data Speaks and follow us on Twitter, LinkedIn and YouTube.

ElevenPaths and Chronicle partner to create new advanced managed security services

ElevenPaths    15 April, 2020

ElevenPaths, Telefónica’s cybersecurity company, today announced a strategic collaboration with Chronicle, a cybersecurity solutions company part of Google Cloud, aimed at bringing more powerful and flexible managed security analytics services to enterprise companies in Europe and Latin America.

The ongoing growth in security data generated by most enterprises, combined with a shortage of trained security professionals available to hire, has caused more and more organizations to move to a managed services model for security operations. Managed Security Service Providers (MSSPs) and Managed Detection and Response (MDR) organizations can deliver more effective threat monitoring and response, with better economics, than internal efforts. ElevenPaths, as an Intelligent MSSP, provides both MSS and MDR services to enhance the security posture of a variety of corporate clients.

ElevenPaths and Chronicle are working together to integrate Chronicle security analytics services into the ElevenPaths managed security offerings. Potential benefits to ElevenPaths customers are envisaged to include:

  • Improved detection of potential threats, due to advanced malware detection capabilities and to our skilled teams;
  • Faster troubleshooting of security alerts, from Chronicle’s ability to analyze telemetry at the speed of search;
  • More effective investigation of incidents, based on a longer retention of security telemetry.

The firms plan to build out new joint offerings and expect to release these later in the year.

“In an environment of massive security data and hard-to-find security experts, ElevenPaths MDR services enable our customers with advanced capabilities of monitoring, detection, hunting and response through its i-SOC,” said Alberto Sempere, director of product and go to market of ElevenPaths. “Using Chronicle’s solution to process the sheer volume of security telemetry that a modern enterprise generates will allow our MDR team to speed time to investigate and to respond, thereby reinforcing cyber-resilience of our customers.”

“Chronicle’s ability to retain petabytes of enterprise data for extended periods of time, and to make it available in less than a second for security analysts, helps our partners better protect their own customers,” said Enrico Risi, Head of EMEA Google Cloud Security Sales.  “Integrating our ability to link security events with ElevenPaths’ own data handling strengths will provide enterprises with powerful new tools to fight cybercrime.”

Cybersecurity is one of the recently integrated digital services offered by Telefónica, together with the cloud and IoT/Big Data, in Telefónica Tech, a new unit that brings together these three businesses with a high growth potential and with which it seeks to accompany its customers in their digital transformation.



Risk Analysis Applied to COVID-19

Gabriel Bergel    13 April, 2020

During the last few weeks we have seen all kinds of analyses and theories around Covid-19. However, many may not have realized that we can apply the methodology of risk analysis, a methodology so well known to us hackers and to those professionals working in the field of cybersecurity. In the first season of our webinars #11PathsTalks we already discussed this topic, especially because of the importance of understanding this process in order to perform appropriate technological risk management within our companies, but also to understand well how to face the new cyberthreats.

This process is increasingly recognized within the industry: there are many methodologies and an ISO standard (ISO 27005), and it is increasingly required in international certification processes, as in the case of PCI DSS, which includes it as a requirement in the process of Ethical Hacking.

The current situation of confinement, quarantine, tension, overexposure to information, the challenge of proper time management at home, etc. have increased my levels of paranoia and scepticism so I question everything twice over.

Among those issues, and discussing with colleagues and non-colleagues, I realized that most of them found it difficult to understand how to protect themselves adequately in the face of this new COVID-19 pandemic. Also, I realized in the weekly call with my CSA colleagues how many analogies there are with the risk analysis process that we regularly perform (I hope) to analyze the risks present within our organization.

Qualitative Risk Analysis Applied to COVID-19

Risk (Macmillan Dictionary):

1. The possibility that something unpleasant or dangerous might happen.

Risk analysis is a process that seeks to identify the security risk of an asset, determining its probability of occurrence, its impact on the business and the controls that mitigate the impact (or the probability of occurrence).

Approach based on: Probability – Impact

We proceed as we would traditionally, but in this case focusing only on COVID-19 as the threat we wish to analyze. We will identify the asset(s) that could be affected by this threat; the vulnerabilities that could allow the threat to affect the asset; the probability of occurrence of the threat (considering the vulnerabilities) affecting the asset; and the impact associated with the threat (through the vulnerabilities) affecting the asset. As always, one of the objectives is to define which controls minimize the probability of occurrence or the impact. Let’s see the general context:

Figure 1: General context of information security
  • Threat: Event that can adversely affect the confidentiality, integrity or availability of information assets. In this case it is an event that can affect our health (integrity): COVID-19.
  • Asset: Anything of value to the organization. In our case, the asset to be protected is people.
  • Vulnerability: A weakness that makes the materialization of a threat easier. In our case they would be:
    • Being over 80 years old
    • Being in poor health or physical condition
    • Suffering from chronic diseases
    • Having special needs (disability)
    • Having bad habits (not washing hands, coughing without covering mouth)
    • Not following the recommendations (mask, quarantine)
  • Probability of risk: Frequency with which the risk could occur in a given period of time. Levels of probability of occurrence (of infection in this case):
    • High
    • Medium
    • Low
  • Impact: Consequences if a particular asset is affected in terms of confidentiality, integrity or availability. In our case they are the consequences that would occur if the health of an asset (a person) is affected. Potential impact:
    • Low: to be infected with COVID-19 and have no after-effects.
    • Medium: to be infected with COVID-19 and have after-effects.
    • High: to die from COVID-19.

Simplified Risk Analysis Matrix – COVID-19 – Inherent Risk

Absolute or inherent risk is the risk that does not consider controls.

Simplified Risk Analysis Matrix – COVID-19 – Residual Risk

The residual risk is the risk resulting from the application of controls.

Risk Analysis Result

Figure 2: Matrix of risks identified

Results of the Risk Analysis to COVID-19 – Inherent Risk

Figure 3: Matrix of inherent risks

Results of the Risk Analysis to COVID-19 – Residual Risk

Figure 4: Matrix of residual risks

Conclusions

As can be seen, the process of risk analysis aims to identify and apply controls to reduce the probability of occurrence or the associated impact or, at best, both.

Figure 3 shows that the risks are all at medium and high levels, so they must be managed by applying the controls identified. This way, Figure 4 shows how control application decreased the probability of occurrence or associated impact and thus risks decreased.

The most important point to understand in this case of COVID-19 is that by applying all these controls or expert recommendations we are not killing the virus, just decreasing its probability of infection. However, by applying these recommendations we are also decreasing the impact: if we don’t get infected, we are not at risk of dying from the virus (highest impact of this threat).
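The inherent-versus-residual calculation described in this post can be written as a small risk register. This is an added example, not the author's own matrices (those were figures): the 3x3 matrix, the `Control` step values and the ratings in `REGISTER` are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

LEVELS = ["Low", "Medium", "High"]  # the three levels the article uses

# Assumed probability x impact matrix; the article's own matrices were figures.
MATRIX = {
    ("Low", "Low"): "Low",     ("Low", "Medium"): "Low",       ("Low", "High"): "Medium",
    ("Medium", "Low"): "Low",  ("Medium", "Medium"): "Medium", ("Medium", "High"): "High",
    ("High", "Low"): "Medium", ("High", "Medium"): "High",     ("High", "High"): "High",
}


@dataclass(frozen=True)
class Control:
    name: str
    probability_steps: int = 0  # levels by which the control lowers probability
    impact_steps: int = 0       # levels by which the control lowers impact


@dataclass
class Risk:
    vulnerability: str
    probability: str
    impact: str
    controls: list = field(default_factory=list)


def lower(level, steps):
    """Move an ordinal level down by `steps`, never below "Low"."""
    return LEVELS[max(0, LEVELS.index(level) - steps)]


def inherent(risk):
    """Risk level before any control is considered."""
    return MATRIX[(risk.probability, risk.impact)]


def residual(risk):
    """Risk level after every control attached to the risk has been applied."""
    probability, impact = risk.probability, risk.impact
    for control in risk.controls:
        probability = lower(probability, control.probability_steps)
        impact = lower(impact, control.impact_steps)
    return MATRIX[(probability, impact)]


def needs_treatment(register, appetite="Low"):
    """Vulnerabilities whose residual risk is still above the accepted level."""
    limit = LEVELS.index(appetite)
    return [r.vulnerability for r in register if LEVELS.index(residual(r)) > limit]


# Constructed register: vulnerabilities come from the article, ratings are illustrative.
HAND_WASHING = Control("hand washing", probability_steps=1)
MASK = Control("mask", probability_steps=1)
QUARANTINE = Control("quarantine", probability_steps=1)

REGISTER = [
    Risk("Bad habits", "Medium", "Medium", [HAND_WASHING]),
    Risk("Not following the recommendations", "High", "High", [MASK, QUARANTINE]),
    Risk("Chronic disease", "Medium", "High", [QUARANTINE]),
]

if __name__ == "__main__":
    for risk in REGISTER:
        print(f"{risk.vulnerability:35} inherent={inherent(risk):6} residual={residual(risk)}")
    print("Still above appetite:", needs_treatment(REGISTER))
```

With this matrix, controls that only lower probability cannot bring a High-impact risk below Medium, which is why the two High-impact rows remain above a Low appetite.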

Top 10 TED Talks to Learn about Cyber Security

Gonzalo Álvarez Marañón    8 April, 2020

The average level of professional talks is often so low that people prefer to work rather than listen. You’ll see this in all kinds of meetings: by the second slide, attendees are already replying to mails or finishing a report. Fortunately, this isn’t the case for all talks: for more than 20 years, TED talks have been bringing a glimmer of hope to this bleak picture. In this entry we bring you the Top 10 TED Talks to Learn about Cybersecurity as well as the guidelines and tricks on how to improve your own presentations.

1. Bruce Schneier: The Security Mirage

Security is both a feeling and a reality. The feeling and the reality of security are certainly related, but it is also true that they are not the same thing. Most of the time, when the perception of security does not match with the reality of security, it is because the perception of risk does not match with the reality of risk.

We do not assess security compromises mathematically by examining the relative probabilities of different events. Instead, we use shortcuts, general rules, stereotypes and biases, generally known as heuristics. These heuristics affect how we think about risks, how we assess the probability of future events, how we consider costs and how we make trade-offs. And when those heuristics fail, our sense of security moves away from the reality of security.

Cryptography guru Bruce Schneier explains some of the cognitive biases behind our poor risk assessment in cybersecurity and how to overcome them.

2. Chris Domas: The 1s and 0s Behind Cyber Warfare

Cybersecurity researcher Chris Domas recounts how a 30-hour session in the lab spent deciphering a binary code led to an epiphany about a better method for humans to process that kind of data. Domas breaks down how the act of translating binary information into a visual abstraction can save researchers tons of time—and potentially save lives.

3. Caleb Barlow: Where Is Cybercrime Really Coming from?

The former vice president at IBM Security proposes to respond to cybercrime with the same collective effort we apply to a health crisis like Covid-19: sharing timely information about who is infected and how the disease is spreading. According to Barlow, we need to democratize risk intelligence data. We need to get public and private organizations to open up and share their private arsenal of information. Cyberattackers are moving fast, so we need to move faster. And the best way to do that is to open up and share data about what is happening. If you don’t share, then you’re part of the problem.

4. Mikko Hypponen: Fighting Viruses, Defending the Internet

It’s been 25 years since the first PC virus (Brain A) hit the net spreading from diskette to diskette. What was once an annoyance has now become a sophisticated tool for crime and espionage. In this talk, Hypponen explains how the economy of cybercrime works.

5. Ralph Langner: Cracking Stuxnet, a 21st-century Cyber Weapon

When first discovered in 2010, the Stuxnet computer worm posed a baffling puzzle. Beyond its unusually high level of sophistication loomed a more troubling mystery: its purpose. Ralph Langner and team identified that Stuxnet was a cyberphysical attack aimed at a specific target. They identified that such target was the Iranian nuclear program (something no one wanted to believe for months) and analysed the exact details of how this attack, or more accurately these two attacks, were meant to work. In this talk you will learn how targeted attacks against critical infrastructure work.

6. Mikko Hypponen: Three Types of Online Attack

There are three major groups of cyberattackers: cybercriminals (who seek to get rich by running illegal online businesses), hacktivists (who seek to protest and change political situations), and governments. Governments seek to spy on and control citizens. Yes, even in Western democracies: Your government is spying on you.

7. Avi Rubin: All Your Devices Can Be Hacked

Cyberattacks go beyond computer damage and data theft. They can also kill. This talk explains how device hacking with actual impact on human lives works: medical devices, vehicles, etc. Any device with software can be vulnerable. It will contain bugs that will be exploited. We can’t forget that all technology must incorporate security.

8. James Lyne: Everyday Cybercrime and What You Can Do about It

Are you aware of what your devices reveal about you? How much security and privacy do you give away in exchange for convenience and usefulness? Malware works because 99% of victims don’t take the most basic precautions. How does malware attack? What can happen to you? And how can you protect yourself? James Lyne explains it all in this talk.

9. Lorrie Faith Cranor: What’s Wrong with Your Pa$$w0rd?

To fight against the weaknesses of text-based passwords, both inherent and user-induced, administrators and organizations often establish a set of rules (a password policy) that users must follow when choosing a password. What should a good password look like? After studying thousands of real passwords to figure out the most surprising and common user mistakes, Lorrie Cranor has some answers.

10. Finn Myrstad: How Tech Companies Deceive You into Giving up Your Data and Privacy

What’s the point of protecting your home with a lock if anyone can get in through a connected device? Even though you never read the terms and conditions, you check the box saying you did, and Boom! You agree to have your personal information collected and used. Companies put the entire burden on the consumer. Technology will only benefit society if the most basic human rights are respected, such as privacy.

COVID-19: Risk Guide and Recommendations on Cyber Security

SCC CyberThreats Service    7 April, 2020

From the point of view of cyber security, the current situation caused by the coronavirus is also particularly worrying. Users and companies are being threatened. At Telefónica’s SCC CyberThreats Service we have divided these risks into external (those related to misinformation) and internal (those related to teleworking).

External Risks Related to Misinformation

Cybercrime doesn’t stay away from the current situation. An example of this is the use of Covid-19 by known malicious actors. They take advantage of users’ interest to hide malicious documents, attempt fraud and even use malware aimed at stealing information.

  • Malware and ransomware, phishing/malspam campaigns: phishing campaigns that impersonate health or government agencies and send malicious attachments aimed at spreading malware such as TrickBot or FormBook. Spam campaigns themed around taking out health insurance that aim to spread Hancitor malware. Ransomware attacks against health organisations such as the WHO. New ransomware families such as “Coronavirus” have even been developed.
    • Recommendations:
      • Distrust emails from unusual sources.
      • Don’t click on links included in the body of emails.
      • Don’t enable macros for attachments if they are not from trusted users.
      • Before entering personal credentials, check the legitimacy of the services through their URL.
  • Interactive applications: Spread of AZORult malware through access to interactive maps with statistics on infections, recoveries and deaths per country; packages and multi-sub processing techniques. AZORult is one of the botnets that has compromised the most credentials in the last year.
  • Social alert, misinformation: These are hoaxes or deceptions that seek to alarm citizens by using fake information that may be rapidly spread thanks to instant messaging apps. These apps make such information viral and increase potential incidents. Infodemic is a term coined by the WHO to refer to the “overabundance of information that makes it difficult for people to find reliable sources and guidance when they need it”. Without a doubt, it is the best partner of this pandemic.
    • Recommendations:
      • Always analyse the source of the news that is being consumed and try to reach its original source.
      • Don’t stop at the headline; read the information in full.
      • The best remedy is not to contribute to the dissemination of unverified information.
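The phishing recommendation above, checking a service's legitimacy through its URL before entering credentials, can be automated as an exact-host allowlist check. This is an added example, not part of the original guide; `TRUSTED_HOSTS`, `check_login_url` and the sample URLs are hypothetical and use documentation domains.

```python
import ipaddress
from urllib.parse import urlsplit

# Hypothetical allowlist: the exact hosts where this user really signs in.
TRUSTED_HOSTS = frozenset({"portal.example-bank.com", "login.example-health.org"})


def check_login_url(url, trusted=TRUSTED_HOSTS):
    """Return (ok, findings) for a URL the user is about to type credentials into."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
        _ = parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError:
        return False, ["malformed"]

    findings = []
    if parts.scheme != "https":
        findings.append("not-https")
    if parts.username is not None or parts.password is not None:
        # Everything before '@' is userinfo, not the host the browser connects to.
        findings.append("userinfo")
    try:
        ipaddress.ip_address(host)
        findings.append("ip-literal")
    except ValueError:
        pass  # a DNS name, which is what a real service is expected to use
    if not host.isascii() or any(label.startswith("xn--") for label in host.split(".")):
        # Internationalised labels can render like a trusted name.
        findings.append("idn-lookalike-risk")
    if host not in trusted:
        if any(name in host for name in trusted):
            # A trusted name used as a prefix or subdomain of another domain.
            findings.append("trusted-name-embedded")
        findings.append("not-allowlisted")
    return not findings, findings


# Constructed sample URLs (documentation and test ranges only).
SAMPLES = [
    "https://portal.example-bank.com/login",
    "http://portal.example-bank.com/login",
    "https://portal.example-bank.com@203.0.113.7/login",
    "https://portal.example-bank.com.account-verify.example.net/login",
    "https://xn--prtal-example-bank-abc.example/login",
]

if __name__ == "__main__":
    for sample_url in SAMPLES:
        ok, findings = check_login_url(sample_url)
        print("OK  " if ok else "STOP", sample_url, findings)
```

Only the first sample passes; the comparison is on the parsed host, so a trusted name appearing anywhere else in the URL does not count.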

Internal Risks Related to Teleworking

Due to the arrival of Covid-19, many companies and users have been forced to telework on a massive scale. This entails an increased risk, since vulnerable software or improperly secured information may be targeted by attacks and intrusions. The situation may also boost the emergence of insiders.

  • Vulnerabilities: VPN connections: increase in the volume of employees using these networks, so their availability may be affected. In addition, a lack of their use may mean that they do not have an appropriate level of security.
    • Recommendations:
      • Updated security settings.
      • Have a contingency plan in case the remote access service fails.
      • RDP: control access to resources and equipment through ad hoc backdoor configurations, unsecured RDP connections and other configurations.
  • Vulnerabilities, personal computers: impossibility of using resources hosted in the companies’ facilities, as well as of controlling the installation of secured programs on workstations. Outsourcing staff can make it difficult to control secured workstations.
    • Recommendations:
      • Avoid the practice of Bring Your Own Device (BYOD). Rather, use corporate equipment as personal equipment may not be protected by corporate security systems.
      • Avoid the use of non-corporate or not commonly used programs.
  • Sensitive information, information exposure: a need arises to move tools, access credentials or other resources to the computer you will be working from remotely. The insiders, people with access to privileged information, are at a greater risk if they belong to IT teams.
    • Recommendations:
      • Avoid the use of non-private collaborative and sharing tools (GitHub (public), Bitbucket, Pastebin, Trello, etc.).
      • Control the possibility that those affected by staff adjustments might leak privileged information.
  • Sensitive information, impersonation of teams: the increase in messages from communication, HR or IT teams including instructions for teleworking poses an increase in false e-mails that impersonate them and are intended to provide the employee with compromised resources or links to malicious websites.
    • Recommendations:
      • Always use official communication channels that make it possible for employees to receive up-to-date information from corporate sources on the actions to be taken.

New ways of working with Artificial Intelligence

Olivia Brookhouse    6 April, 2020

The situation in which we all find ourselves this month is something none of us could have imagined. Due to coronavirus, we are all confined to the walls of our homes, which presents many challenges, both on a personal and professional level. However, it has also allowed a time of true reflection about what is important and how we will proceed once this is all over.

We have all seen the importance of healthcare and technology to save lives and keep businesses going. Environmental experts have remarked how quickly climate change can be stopped when WE all stop and we continue to demonstrate our ability to stay connected when we are all far apart. So, what does this mean for the future of work and how will Artificial Intelligence play a vital role?

The power of technology to connect all of us in the lack of face to face contact has been truly extraordinary. Whether it has allowed you to host large conference calls, have a drink with friends or tune in to workouts by Instagram influencers, we have depended on technology in one way or another. Of course, many of these capabilities have existed for some time but never have they been quite so necessary.

Remote working becomes a necessity

This time has certainly shown companies the ability to work remotely and, for many, the need to innovate processes in order to achieve what other companies are doing so effortlessly. Whilst many of us do miss the coffee breaks and office banter, home working also comes with many benefits which only some of us were accustomed to before. The typical 9 to 5 routine can be thrown out the window; enjoy flexible working hours, design your working day around you, avoid the long commute, exercise when you want, cook what you want, wake up later, take calls in the garden, spend time with your children, the possibilities go on.

As more companies are forced into this new way of working, the demand for dynamic platforms to facilitate telework has also increased. The logistics, cost and environmental impact of bringing together hundreds of people from multiple countries to meet in a single location has always been a big challenge for companies, but this period has kick-started new processes which might have taken months or even years for large corporations to design. New ways of working have had to be introduced in a matter of days.

This is not to say we should replace traditional working for teleworking all together. Both have desirable elements that should be combined to get the most out of our professional and personal lives.

Teams, Google Hangouts, Skype, Zoom, cloud sharing and other platforms have now become second nature, hosting virtual meetings, allowing groups to collaborate on shared documents and brainstorm together. But new technologies can innovate this space further and Artificial Intelligence is the key.

AI applications which could innovate virtual working

Using natural language processing, virtual meetings can be recorded and transcribed from voice-to-text, so you don’t have to worry about taking detailed notes. Also, natural language processing can be used to analyse what is said to search for keywords. This will pull up any blogs, online discussions or social network feeds on the topic so attendees can view their discussion in a larger context.

Whilst applications like these are already accessible, they are not widespread and have little recognition outside the tech industry. The increasing demand for innovative ways of working will shine a spotlight on these types of application to make virtual working more efficient.

Telepresence and augmented reality can innovate how we see others in virtual meetings and bring the functionality of in-person meetings to the digital world. Telepresence creates the illusion of a group of people standing or sitting in the same room which can allow people to collaborate more effectively.

Avatars are digital copies of yourself and might be smart enough one day to attend a meeting for you and report back when it’s over. The possibilities of augmented reality create interesting opportunities for the future of Teleworking.

We often talk about the power of connectivity and technology in relation to digital transformation and economic growth but now we can see just how necessary technology really is on a social level to keep us all together even when we are apart.


CARMA: Our Free Research-Focused Set of Android Malware Samples

Innovation and Laboratory Area in ElevenPaths    31 March, 2020

We have found that academic researchers often work with very poor malware sets or have trouble obtaining a good one. We want the academic field to work with better samples, so that its research improves and we all get better malware, adware and PUP detection.

CARMA, a huge free curated Android malware, adware and PUP set

What is CARMA?

ElevenPaths Curated Android Malware APK Set (CARMA) is a free service provided by the Innovation and Labs area of ElevenPaths. It provides a free set of malware samples, adware and other potentially dangerous files collected for the Android operating system. These samples may be exclusively used for research or academic purposes, so their use for any other purpose is forbidden. These sets are intended to provide quality samples that may be used for analysis within expert systems, Machine Learning, artificial intelligence or any method that allows improving the future detection of this kind of threats.

We provide a set of complete malware samples in their original and unaltered format, sorted by year, origin and type of threat. From Google Play and other markets, PUP, adware, malware and so on. Classified by years since 2017. And also goodware!

How has the classification been made?

Classifying malware based on antivirus verdicts has advantages, but disadvantages as well. If you train a system with the findings of an antivirus, it will at most learn what that antivirus knows, or approach similar results. To make matters worse, if the samples used for training and learning are unclearly labeled (and this usually happens in several antivirus engines), systems may learn from elements as different as adware and a Trojan, and consequently lose effectiveness.

For our set, we have worked on the basis of some renowned antivirus engines, but in addition we have applied other interesting rules. For instance, an agreement on the labels when assessing the threat, or that the sets did not overlap. Moreover, we have considered more variables: the fact that the markets have removed the samples, that they have been on them long enough, or the consensus of several technologies on categorization.

The system is not perfect (it will never be), but it makes up for some usual flaws that we have found. If in addition we take into account the fact that we provide a significant number of samples (something appreciated by analysts), we are able to mitigate such flaws. The goal is quality research in the field of malware detection for Android. The sets can only be freely used for academic purposes, and under no circumstances for profit purposes.
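One reading of the curation rules above, as an added example that is not ElevenPaths' own pipeline: a sample enters a set only when enough engines agree on one category, undetected samples count as goodware only if the market kept them long enough, and an identifier that lands in two sets is dropped. The keyword map, thresholds, engine names and sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed keyword -> category mapping used to normalise free-form engine labels.
KEYWORDS = {
    "adware": "adware",
    "pup": "pup", "pua": "pup",
    "trojan": "malware", "banker": "malware", "ransom": "malware", "spy": "malware",
}


def normalise(label):
    """Map one engine label to a category, or None when it mixes categories."""
    found = {cat for kw, cat in KEYWORDS.items() if kw in label.lower()}
    return found.pop() if len(found) == 1 else None


def classify(record, min_engines=3, min_days_listed=180):
    """Return the set a sample belongs to, or None if the evidence is not clean."""
    labels = [label for label in record["labels"].values() if label]
    if not labels:
        # No detections: accept as goodware only if the market kept it long enough.
        kept = not record["removed_by_market"] and record["days_listed"] >= min_days_listed
        return "goodware" if kept else None
    categories = [normalise(label) for label in labels]
    if len(categories) < min_engines or None in categories or len(set(categories)) != 1:
        return None  # too few engines, an ambiguous label, or engines disagree
    return categories[0]


def build_sets(records, **thresholds):
    """Group sample ids into non-overlapping sets; conflicting ids are dropped."""
    verdicts = defaultdict(set)
    for record in records:
        verdicts[record["id"]].add(classify(record, **thresholds))
    sets = defaultdict(set)
    for sample_id, cats in verdicts.items():
        if len(cats) == 1 and None not in cats:
            sets[next(iter(cats))].add(sample_id)
    return dict(sets)


def make_record(sample_id, a=None, b=None, c=None, removed=False, days=0):
    """Build one constructed record; engine_a..c are placeholder engine names."""
    return {"id": sample_id, "labels": {"engine_a": a, "engine_b": b, "engine_c": c},
            "removed_by_market": removed, "days_listed": days}


# Constructed records; ids and labels are made up for the example.
RECORDS = [
    make_record("s1", "Android.Trojan.Banker.a", "Trojan-Banker.AndroidOS.b",
                "Trojan.Android.c", removed=True, days=12),
    make_record("s2", "Adware.AndroidOS.d", "Android.Adware.e", "Adware/Android.f",
                removed=True, days=90),
    make_record("s3", "Android.Trojan.g", "Adware.AndroidOS.h", "Trojan.Android.i"),  # disagree
    make_record("s4", "PUA.Android.Toolbar.j"),        # flagged by one engine only
    make_record("s5", days=400),                       # undetected and long-lived
    make_record("s6", removed=True, days=20),          # undetected but removed
    make_record("s7", "Adware.k", "Adware.l", "Adware.m"),
    make_record("s7", "PUA.n", "PUA.o", "PUA.p"),      # same id, different verdict
]

if __name__ == "__main__":
    for name, ids in sorted(build_sets(RECORDS).items()):
        print(name, sorted(ids))
```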

I am an organization that conducts research, how do I get it?

CARMA comes as an extension of our more complete service for researchers Tacyt. You only need to warrant its use via this form. We will reply to you manually. You must sign an engagement and understanding document where the only commitment is mutual acknowledgement.

All the info here: https://tacyt.elevenpaths.com/carma

Fake News and Cyberthreats in Times of Coronavirus

Helene Aguirre    30 March, 2020

Cybercriminals take advantage of any eventuality to develop new attacks and achieve their goals. On this occasion, digital criminals have used the global COVID-19 pandemic and widespread panic among the population as a Trojan horse to access thousands of homes and computer systems. Phishing, fake news, adware, malicious applications, malware and so on. Over the last month, our Security Operations Centers (SOCs) have received a high number of alerts directly related to the Coronavirus.

During the weeks prior to the quarantine caused by COVID-19 in our country, at ElevenPaths we were investigating the development of conversations on the different social networks about fake news and digital threats that had arisen as a result of the current health crisis. Moreover, we were analyzing the behavior of conversations on Twitter through groups of profile communities associated with each other by profiles or even by similar conversation topics.

Nowadays, and especially in these times of confinement, social networks are the fastest and most accessible informative (and often ‘misinformative’ as well) instrument at our disposal. Any user can pose as a doctor, an expert in epidemics or a cum laude in virology, but the truth is that sometimes it is difficult to discern whether the recommendation on Twitter made by a ‘Ms Mª Carmen Alcántara’, who recommends eating cooked garlic to cure the virus, is a hoax or truthful information.

In the research we have carried out, we have analyzed the circulation and spread of this fake news and the social circles on Twitter around it. It was not surprising to discover that behind much of the false news there were botnets of hundreds of Twitter accounts that amplify its reach.

Phishing is another of the attacks that have spread the most since the outbreak of the Coronavirus. In this case, cybercriminals are taking advantage of people’s fear and uncertainty to ‘disguise themselves’ as a health agency, city council, financial institution or even an educational center and send emails containing malicious links or steal any type of personal data.

Following this same idea of institutional impersonation, we may also highlight the number of malicious apps that have been created to imitate official ones. Due to this exceptional situation, in which we have been adapting to working from home and children to studying at home with new digital tools, many of us have downloaded new applications. This did not go unnoticed among criminals. Throughout our research we also wished to investigate this aspect, so we used our in-house tools Tacyt and mASAPP. These analyze, correlate and classify millions of mobile apps using their big data technology, and they showed that a large number of applications with names linked to COVID-19 were indeed malicious.

From this research, we point out the rapid spread of hoaxes on this pandemic, as well as the immediate emergence of phishing attacks, data theft or app counterfeiting. As we have already mentioned, the main drivers of these attacks and fake information are people’s fear and despair, but also the deployment of interconnected networks of malicious systems that spread them.

The Spanish Civil Guard has created a citizen communication channel to receive information about online fraud and scams due to the coronavirus. Through the account [email protected], citizens can report potential scams and fraudulent sales related to COVID-19.

It may be understood that in these times of insecurity and disquiet we are less able to detect these ‘traps’. However, we must not forget that digital threats do not cease at any time, even in these times of health alert for a global pandemic.

What is Natural Language Processing and its Use Cases?

Olivia Brookhouse    27 March, 2020

Our ability as humans to use words to communicate intelligently is what defines us as a species. There are 7000 languages in the world connected to different countries, cultures and groups of people. With the development of Natural Language Processing (NLP), computers are now also becoming masters in linguistics to improve global communication and business processes.

The incorporation of Artificial Intelligence into business practices spans across all sectors and is a term many of us are familiar with. However, how well do you know Natural Language Processing (NLP) and its applications for businesses?

What is NLP?

Natural Language Processing is the branch within the field of computer science, linguistics and artificial intelligence that is responsible for the study and development of techniques that enable computers to understand and process human language. It is not only about understanding some words; beyond that, NLP aims to understand the meaning of an idea and its context.

NLP has many use cases to innovate big and small companies alike. This includes powering efficient chatbots for customer service, providing sentiment analysis from social media posts to find out consumer habits, improving processing and understanding of voice searches, scanning and summarizing documents, reading CVs etc. In any lengthy process that involves text analysis, AI can be an incredibly useful assistant to make work more efficient.

The technology behind it

There are 6 important steps which allow computers to understand the meaning behind words to provide actionable insights. Python NLTK can run all these different stages required for NLP.

Tokenization – process of breaking strings of text into tokens, which are small structures that can be analysed separately. For example, a sentence can be broken down into individual words to help make sense of the role each word plays in the meaning of the phrase as a whole.

Figure 0: Tokenization explained (Source)

Stemming – process which reduces words into their base form or root form. For example, the word ‘perfected’ would be normalized to its root word – perfect. This process is necessary to simplify the words, but sometimes will cut words to a shorter word that might not exist.

Lemmatization – like stemming, lemmatization generates the root form of the inflected words but is more accurate. Lemmatization will always create an actual language word when it cuts the word down. It also groups together different inflected forms of words to map them into one common root. So during lemmatization, the computer should map gone, going and went to go.

Figure 1: Lemmatization and stemming explained (Source)

POS tags – Indicate how a word functions in a sentence, categorizing them as an adjective, noun, adverb, subject etc. In different contexts the same word will have different POS tags. For example, google is a proper noun but it can also function as a verb, for example in the sentence “google the football score”.

Named entity recognition – is the process that aims to identify the named entities within a sentence and categorize them. Categories can include person, organization, location and time. It does this in 3 steps:

  • Noun phrase identification
  • Phrase classification
  • Entity disambiguation
Figure 2: Named entity recognition process (Source)

Chunking – process of picking up individual pieces of information and grouping them into bigger pieces which give meaning to the text. Identifying which words need to be chunked together allows greater understanding of meaning.

Figure 3: Chunking explained
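
The steps above can be tried end to end with the added example below, which is not code from the original article. It is a standard-library sketch rather than NLTK, the lexicon, lemma table and tagging rule are constructed assumptions, and named entity recognition is left out.

```python
import re

# Constructed mini-lexicon (assumption): word -> possible Penn Treebank tags.
LEXICON = {
    "the": ["DT"], "football": ["NN"], "score": ["NN", "VB"],
    "google": ["NNP", "VB"], "reported": ["VBD"], "record": ["JJ"],
    "profits": ["NNS"],
}
# Constructed lemma table (assumption): inflected form -> dictionary form.
LEMMAS = {"gone": "go", "going": "go", "went": "go", "studies": "study",
          "perfected": "perfect"}

def tokenize(text):
    """Break a string into lowercase word tokens and punctuation marks."""
    return re.findall(r"\w+|[^\w\s]", text.lower())

def stem(word):
    """Crude suffix stripping: fast, but the result may not be a real word."""
    for suffix in ("ing", "ed", "es", "s"):
        if word.endswith(suffix) and len(word) - len(suffix) >= 2:
            return word[: -len(suffix)]
    return word

def lemmatize(word):
    """Dictionary lookup: maps known inflected and irregular forms to one root."""
    return LEMMAS.get(word, word)

def pos_tag(tokens):
    """Tag each token; an ambiguous word is a verb when a determiner follows."""
    tagged = []
    for i, word in enumerate(tokens):
        options = LEXICON.get(word, ["NN"] if word.isalpha() else ["."])
        nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
        dt_next = LEXICON.get(nxt, [""])[0] == "DT"
        tagged.append((word, "VB" if "VB" in options and dt_next else options[0]))
    return tagged

def chunk_noun_phrases(tagged):
    """Group optional determiner + adjectives + nouns into noun-phrase chunks."""
    code = "".join("D" if t == "DT" else "J" if t == "JJ" else
                   "N" if t.startswith("NN") else "O" for _, t in tagged)
    return [" ".join(w for w, _ in tagged[m.start():m.end()])
            for m in re.finditer(r"D?J*N+", code)]

if __name__ == "__main__":
    for sentence in ("google the football score", "Google reported record profits"):
        tagged = pos_tag(tokenize(sentence))
        print(tagged, chunk_noun_phrases(tagged))
    print([(w, stem(w), lemmatize(w)) for w in ("gone", "going", "went", "studies")])
```

The stemmer leaves "gone" and "went" untouched and turns "studies" into a non-word, while the lemma lookup maps all three verb forms to "go"; the same token "google" is tagged as a verb or a proper noun depending on what follows it.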

NLP and NLG

There is often a confusion between these two terms, Natural Language Processing and Natural Language Generation. Whilst Natural Language Processing (NLP) is the process in which computers read language, understand it and convert it into structured data which can be used for analysis and training, Natural Language Generation (NLG) is what happens when computers write language. NLG processes turn structured data into text to help automate and speed up text writing within applications.

These two processes often work hand in hand to not only help businesses process and analyse large quantities of language data (NLP) but to also automate writing processes (NLG).

Use cases of NLP

Medicine

The development of, and need for, telemedicine depends heavily on Natural Language Processing to accurately diagnose diseases. NLP scans data from hundreds of patients to build accurate symptom profiles for diseases. This can also help in the prevention of pandemics. NLP is also used within medical chatbots to speed up internal processes, understanding individual cases in order to refer patients to the correct doctor.

Finance

Traders are increasingly using NLP to provide social media sentiment analysis to better understand market trends. NLP can perform spell checking and document summarization to speed up internal administrative processes.

Marketing and Advertising

NLP makes many marketing processes more efficient by performing advertisement matching and personalisation, copywriting and keyword identification. Also, sentiment analysis can provide a lot of information about customers’ choices and their decision drivers.

Customer service

Natural language processing and generation play a large role in customer service to provide a 24/7 service. Accurate chatbots and voice assistants must be able not only to understand what we are saying but also to develop a helpful response.

Recruitment

NLP is also being used in both the search and selection phases of talent recruitment. Identifying the skills of potential employees before they become active on the job market can give recruiting companies the edge. NLP can also be used to scan CVs in seconds to extract key insights about candidates.

Entertainment

Within platforms like Movistar home, Aura, the voice-driven assistant, uses NLP to respond to vocal prompts, help find and suggest content and perform many other functions.

NLG is also being used to generate its own content, including art, films, music and novels, although a lot of its work is questionable.
