Shadow AI: How Semi-Cloaked Data Use Permissions Lurk in Your EUAs

Every time your employees click “I agree” on a new software tool, they might unknowingly grant AI systems access to your company’s sensitive data. This recently developed digital risk, known as Shadow AI, represents one of the most insidious threats to corporate data security today — not because it’s illegal, but because it’s hidden in plain sight.

Legal, But Still Unethical

Software vendors have discovered a legal loophole that allows them to harvest your data for AI training purposes: burying these practices deep within end user agreements. These clauses are crafted to comply with the law while calling into question certain motives. Tucked between sections on liability limitations and arbitration clauses, vendors disclose that your uploaded documents, customer communications, and proprietary information may be used to train their large language models (LLMs).

The practice is technically consensual (you did click “agree”) but the disclosure is so obscured that calling it transparent would be generous at best. Companies bank on the fact that nobody reads the fine print, allowing them to monetize your data while maintaining plausible deniability about informed consent.

How These Practices Go Unnoticed

The harsh reality is that no one at your company has the bandwidth to properly review every end user agreement that crosses their desk. Your legal counsel juggles contracts, compliance issues, and litigation; they can’t dedicate hours to parsing through the EUA of every productivity tool or platform your teams adopt.

IT departments focus on functionality and security vulnerabilities, not the nuanced language of data usage policies buried on page 47 of an EUA. Meanwhile, individual employees select and implement tools based on immediate needs, completely unaware that they’re creating backdoors for AI data collection. This perfect storm of time constraints and distributed decision-making has created an environment where Shadow AI thrives unchecked.

How Companies Like BlackFog Disrupt Shadow AI

Fortunately, innovative solutions exist to combat this threat. BlackFog has developed proprietary software called ADX Vision that serves as a vigilant guardian against Shadow AI. This sophisticated platform continuously tracks, analyzes, and monitors the data collection practices of large language models integrated into your software ecosystem. ADX Vision doesn’t just identify which applications feed data to AI systems… it evaluates their storage protocols and usage policies, then provides granular control to block LLMs that fail to meet your organization’s data governance standards. BlackFog provides protection at the endpoint and works 24/7/365 without requiring its users to do anything. In other words, BlackFog’s ADX Vision does all the work.

By automating the surveillance that humans simply don’t have time to perform, solutions like ADX Vision give companies the power to protect their data without sacrificing the productivity benefits of modern software tools.

More Information/Demonstration?

For more specific information or to see a demonstration of BlackFog ADX Vision, please contact IGTG and Scott Kunau at skunau@igtg.net.

Cryptolocker Attachments Look Legitimate

A few weeks ago a client was attacked and his computer and server user files were encrypted by a strain of ransomware malware. There are many, many strains, and each is shrouded or hidden in legitimate-looking attachments sent via email, legitimate-looking links in the message body of emails or, worse, legitimate-looking links you click on when visiting a website. Websites are compromised and malware links are put into place and made to look legitimate. The user clicks on a link, thinking it is safe, and malware downloads and begins encrypting user data.

Decrypt Tool Removed Malware Without Any Ransom Paid

In this blog entry I am happy to announce we were able to find a decrypt tool and decrypt all of the estimated 30,000 user files that the malware encrypted. We were extremely lucky to find a decrypt utility that worked. No bitcoin was purchased and we didn’t have to sit back and worry if the malware creator would be nice enough to send a decrypt key once the bitcoin was received. The malware was removed from the infected computer by manually deleting files and registry keys and using the decrypt utility to restore all files to their original, unencrypted state.

Our Client Was Lucky

However, this was the first IGTG client of nearly 20 where a decrypt utility worked. Some of our clients had one of the solutions listed below in place while others were unable to recover files.

A big shout-out goes to the folks who maintain www.bleepingcomputer.com where we found links to a utility. I’m not going to mention publicly what we found or how we used it because I don’t want the potential ransomware creator to read and modify their attacks.

Ransomware Is Vicious and It’s Not Going Away

I’ve been working with computer technology since college in the 1980s and have been a full-time consulting engineer and instructor since 1992, and I’ve never seen more heinous attacks than those by ransomware creators. It is a sad situation that actual businesses have sprung up to attack unsuspecting computer users with the various strains of encryption malware. I firmly believe that if the United States FBI were allowed to arrest and severely punish the malware creators with long prison terms and huge fines, these attacks might disappear. However, most attacks originate from overseas and our FBI can’t waltz into foreign countries and make arrests.

What Can You Do To Protect Yourself From Ransomware?

So what are you, the home computer user, the company computer user, and the IT administrator for a company supposed to do to protect against these heinous attacks? Here are solutions and if you don’t have at least one in place already, make it a priority to choose one or more and then implement the solution immediately:

–Disconnected Backup:

This could be an external USB drive that you connect to your home computer and copy your files to either automatically or manually. I use this and manually copy certain directories at least once per month. Additionally, if I’m going to take my main laptop on-site where travel is involved, I do an extra backup. The most important thing you do with this is unplug the USB drive when your backup is complete.

When we’re discussing a business server, the company should have a disconnected backup in the form of verifiable tapes or disk backups that are managed by backup software and not accessible as writable devices by users. One of our clients was able to restore over 200 GB of data that was encrypted by the malware from a full backup taken just a day before the infection.

–Use An Online Backup:

This could be provided by a variety of online vendors such as IDrive (www.idrive.com), Carbonite (www.carbonite.com), Mozy (www.mozy.com) and several others. You pay a monthly or annual subscription fee to these sites and then download and set up an application that will do behind-the-scenes backup. Just like the disconnected backup suggestion, you must disconnect from these services or possibly see all of your files that are stored online become encrypted too. Only connect, back up and then disconnect.

–Implement New Scanning Technology

IGTG recommends two vendors and we can provide a personal and/or business quote for you. The two vendors are Sophos (www.sophos.com) and Webroot (www.webroot.com). Sophos has its new Intercept-X technology and Webroot offers scanning based on security hash values assigned to each executable that can run on a PC. Both are cloud-based and offered on a subscription. IGTG can assist you with implementation of either.

–Take Away Access Rights

Even though it is or will be a real pain for your users or yourself, take away administrator rights to your desktop. By converting users to the Standard User role, you eliminate their ability to write to critical places on the computer hard drive or into the operating system registry without first entering administrative credentials (admin username and password).

Further, include a thorough review of every network share or network drive where your users have Write Access. One of the things that ransomware malware will do once it is done encrypting the local computer files is go to each network mapped drive (the G: drive for example) and encrypt all of the files on the server that the logged-in user has access to write to. This includes the shared drive (H: drive for example), the user home directory (the U: drive) and every other mapped drive. In the attack mentioned in my first blog, the logged-in user had full access to every folder on the server and the malware encrypted everything. The decrypt tool however worked perfectly on each server-based file.
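One way to carry out the share review described above, as an added example that is not part of the original post: a PowerShell audit that lists every identity able to write to each SMB share on a Windows file server. It assumes an elevated session on the server with the SmbShare module available; the list of "broad" groups in `$broadPattern` is an assumption chosen for illustration.

```powershell
# Added example: audit which identities can write to each SMB share on this server.
# Run in an elevated PowerShell session on the file server (SmbShare module required).

$shareWrite = 'Change', 'Full'            # share-level rights that permit modifying files
# NTFS bits that permit modifying or deleting files, plus GENERIC_WRITE / GENERIC_ALL.
$writeMask  = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete' -bor 0x50000000
# Assumption for illustration: identities treated as "broad" and worth reviewing first.
$broadPattern = '(^|\\)(Everyone|Authenticated Users|Domain Users|Users)$'

$report = foreach ($share in Get-SmbShare -Special $false) {
    if (-not $share.Path) { continue }    # skip shares with no folder behind them

    # Share-level permissions: who may change files over the network.
    $shareAces = Get-SmbShareAccess -Name $share.Name | Where-Object {
        "$($_.AccessControlType)" -eq 'Allow' -and "$($_.AccessRight)" -in $shareWrite }

    # NTFS permissions on the shared folder: who may change files on disk.
    $ntfsAces = (Get-Acl -LiteralPath $share.Path).Access | Where-Object {
        "$($_.AccessControlType)" -eq 'Allow' -and ([int]$_.FileSystemRights -band $writeMask) }

    foreach ($ace in $shareAces) {
        [pscustomobject]@{
            Share      = $share.Name
            Path       = $share.Path
            Layer      = 'Share'
            Identity   = $ace.AccountName
            Rights     = "$($ace.AccessRight)"
            BroadGroup = $ace.AccountName -match $broadPattern
        }
    }
    foreach ($ace in $ntfsAces) {
        [pscustomobject]@{
            Share      = $share.Name
            Path       = $share.Path
            Layer      = 'NTFS'
            Identity   = "$($ace.IdentityReference)"
            Rights     = "$($ace.FileSystemRights)"
            BroadGroup = "$($ace.IdentityReference)" -match $broadPattern
        }
    }
}

# Broad groups first: these are the entries ransomware running as any user can abuse.
$report | Sort-Object @{ e = 'BroadGroup'; Descending = $true }, Share, Layer, Identity |
    Format-Table -AutoSize
```

Effective access over the network is the more restrictive of the share and NTFS permissions, so an identity is a real exposure only when it appears with write rights at both layers for the same share.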

Finally, contact authorities – primarily the FBI – if you get attacked by ransomware malware. If you have one or more of the recommended solutions listed above in place, the likelihood of losing much data becomes very remote.

We Can Help

As always, if you have specific questions, use our contact form or give us a call at 513-300-5198.

Windows 10 has been with us for a little more than one year.  During that time, I’ve upgraded a number of workstations using the free offer.  I’ve also assisted with imaging deployment using Micro Focus ZENworks to deploy Windows 10 Professional to dozens or hundreds of computers.

Windows 10 Default Apps Have Limitations

In several cases, the default apps don’t let Windows 10 users work the way they were used to with Windows 7 or perhaps Windows 8.x. The Edge browser replaces Internet Explorer (IE) and your system “wants” to use it for things like PDF files and even Word documents. The Edge browser, early on, didn’t support many webapps but has become much better in the year since it was released.

Changing Windows 10 Apps in 6 Easy Steps

So how do you change the default apps so PDFs and other files open with the applications you expect them to open in?  Follow these steps:

  1. Click the Windows logo in the lower left of your screen.
  2. Click Settings.
  3. Click System (Display, notifications, apps, power)
  4. Scroll to the bottom of the list and click on Choose default apps by file type. Find the app or document type you want to change and click on it to show a list of applications (note, the applications such as Adobe Reader or Mozilla Firefox must already be installed).  Several times I’ve found PDFs with the Edge browser assigned as the default app.  Edge won’t open an Adobe PDF file very well.
  5. Here is another example: If you want to change the default Web browser to something other than Microsoft Edge, find it and click on the icon to reveal alternative browsers such as IE or Firefox.
  6. Once complete, click the X to close the Settings dialog and return to your applications and desktop.

Hopefully this information will help you reconfigure just a few of the defaults presented by a new installation of Windows 10 or an upgrade from a previous version of Windows to 10.

Need more help? Use our contact form to send us an email, or give us a call at 513-300-5198.
