#NSBCS.014 - Artificial Intelligence: Secret Weapon for Success

Input and output screens of DALL-E, an AI-powered image generator we used to create this week’s Signals image.

 

Artificial Intelligence

Artificial Intelligence (AI) refers to machines capable of learning and acting like humans in specific ways. Instead of simply following instructions, AI can analyse data, identify patterns and make decisions. Put simply, think of it like giving a computer the ability to learn and improve over time.

The benefits of AI for your business:

  • Data Analysis: AI excels at analysing vast amounts of network traffic and log data, identifying subtle anomalies and suspicious patterns that humans might miss. This allows for earlier detection of potential threats, like malware intrusions or phishing attempts, before they can impact an organisation.

  • Real-time Threat Intelligence: AI can integrate with threat intelligence feeds, providing real-time updates on emerging threats and allowing for immediate adjustments to security protocols.

  • Automating Threat Response: AI-powered systems can automate initial responses to threats, such as quarantining infected devices or blocking malicious traffic, minimising the impact of an attack and reducing remediation time.

  • Mitigating Human Error: AI algorithms can be trained to be highly accurate, significantly reducing the number of false positives that waste time and resources. AI-driven decisions are also not influenced by human biases, leading to more objective and consistent security assessments.

  • Machine Learning Advantage: AI systems continuously learn and improve as they analyse new data and encounter new threats, staying ahead of the evolving cyber landscape.

The business concerns surrounding AI:

  • Algorithmic Bias: The effectiveness of AI depends heavily on the quality and quantity of data it's trained on. Biased or incomplete data can lead to biased algorithms, impacting threat detection and user behaviour analysis.

  • Data Security concerns: Storing and processing large amounts of data for AI training raises concerns about data breaches and unauthorised access.

  • Financial Investment: Implementing and maintaining sophisticated AI solutions can be expensive, which may require continuous financial investment.

Intellectual Property and AI:

As AI becomes more creative, there is a lack of clarity concerning Intellectual Property (IP), creating a complex landscape that raises several questions concerning:

Ownership:

  • Should the programmer who built an AI model own the creations or should the AI itself be recognised as the author? This is particularly difficult when the AI operates autonomously.

  • If the AI is trained on massive datasets, who owns the rights to those inputs?

Protection:

  • Can traditional IP laws like patents and copyrights protect AI models and algorithms?

  • Protecting the inner workings of AI models might be crucial for cybersecurity businesses, but does trade secret law offer sufficient protection?

The future of AI for cybersecurity:

With AI rapidly evolving, its impact on the field of cybersecurity will be significant. Advances in AI will enable cybersecurity teams to detect and respond to incidents effectively, anticipate attacks proactively, and address vulnerabilities to ensure there are #NoStepsBackward!

For information on NSB Cyber’s Cyber Resilience capabilities or to book a meeting with our team, click here.


What we read this week

  • LockBit Ransomware Operation Shut Down; Criminals Arrested; Decryption Keys Released - An international law enforcement operation has successfully shut down the LockBit ransomware gang, which involved dismantling servers and arresting actors associated with the gang. The Department of Justice (DoJ) reported that, since the gang's origin, attacks by LockBit have affected over 2,500 victims worldwide, accumulating more than $120 million in illicit profits. During the shutdown operation, law enforcement agencies were also able to retrieve more than 1,000 decryption keys from the confiscated LockBit servers, and a decryption tool is now available via No More Ransom to recover files encrypted by the ransomware.

  • ALPHV gang claims it's the attacker that broke into Prudential Financial, LoanDepot - Ransomware gang ALPHV has claimed responsibility for cyberattacks on Prudential Financial and LoanDepot, although the claim has not been independently verified by either company or by authorities. ALPHV is reportedly looking for individuals who may wish to buy the stolen data but is considering releasing it for free. United States (U.S.) authorities are currently offering a $15 million reward for information leading to the identification and arrest of ALPHV's leadership.

  • VMware urges admins to remove deprecated, vulnerable auth plug-in - VMware has identified a critical security risk with the deprecated Enhanced Authentication Plug-in (EAP) for vSphere 7.x. VMware has urged admins to remove the discontinued authentication plug-in, which is exposed to authentication relay and session hijack attacks in Windows domain environments via two vulnerabilities. Tracked as CVE-2024-22245 and CVE-2024-22250, the two vulnerabilities can be used by criminals to relay Kerberos service tickets and take over privileged EAP sessions. VMware strongly recommends replacing EAP with more secure authentication methods for vSphere 8, such as Active Directory over LDAPS, ADFS, and Okta.

  • North Korean hackers linked to defense sector supply-chain attack - The German Federal Intelligence Agency (BfV) and South Korea's National Intelligence Service (NIS) issued a joint advisory warning of ongoing cyber-espionage operations targeting the global defense sector on behalf of the North Korean government. The first case study in the advisory describes how North Korean actors infiltrated a research center for maritime and shipping technologies and executed a supply-chain attack by compromising the firm managing the center's web server maintenance. The cybercriminals followed an attack chain that included stealing credentials and lateral movement on the network. The second case study highlights Lazarus group’s Operation Dream Job, a tactic where North Korean actors use fake job offers to trick defense sector employees into downloading malware. This malware can then steal sensitive information or grant attackers access to internal networks.

  • Cactus ransomware claim to steal 1.5TB of Schneider Electric data - The Cactus ransomware gang claims to have stolen 1.5 terabytes of data from Schneider Electric, a global energy management and automation giant, during a January 2024 attack. The attack affected the company's Sustainability Business division, which provides renewable energy and regulatory compliance consulting services to high-profile companies, raising concerns about the potential exposure of sensitive client information and internal operational data. As proof of their claim, the ransomware gang leaked 25 megabytes of allegedly stolen data online, including passport scans and non-disclosure agreement documents. The Cactus gang is now demanding a ransom payment in exchange for decrypting the stolen data and preventing further leaks.

References
https://thehackernews.com/2024/02/lockbit-ransomware-operation-shut-down.html
https://www.theregister.com/2024/02/19/alphv_claims_cyberattacks_on_prudential
https://www.bleepingcomputer.com/news/security/vmware-urges-admins-to-remove-deprecated-vulnerable-auth-plug-in
https://www.bleepingcomputer.com/news/security/north-korean-hackers-linked-to-defense-sector-supply-chain-attack
https://www.bleepingcomputer.com/news/security/cactus-ransomware-claim-to-steal-15tb-of-schneider-electric-data