#NSBCS.020 - Human Insight Meets AI in Cybersecurity

Source: NSB Cyber

 

This week, NSB Cyber, in collaboration with our Cyber Intelligence Centre (CIC), unveiled our latest research paper, "Mind Over Machine: The Irreplaceable Analyst in the Age of AI". This paper stresses the indispensable role of human Cyber Threat Intelligence (CTI) analysts in a tech landscape increasingly dominated by AI. We showcase how AI, while proficient in data handling and pattern recognition, falls short in replicating the nuanced intuition and comprehensive understanding that our human analysts possess.

Looking ahead, we see a future where AI does not replace, but rather significantly enhances, the capabilities of our human analysts. This relationship aims to improve proactive measures and anticipate potential cyber threats more effectively. As AI handles the voluminous data analysis, human analysts can concentrate on the strategic, nuanced aspects of threat intelligence, ensuring that responses are not only swift but also incredibly insightful. This blend of technological advancement and human expertise will fortify cyber defenses, making them more adaptive and resilient against the complex cyber threats of tomorrow, all while taking #NoStepsBackWards.

 

For information on NSB Cyber’s Cyber Threat Intelligence capabilities or to book a meeting with our team, click here.


What we read this week

  • Australian accounting firm held to ransom by Hunters International - An Australian accounting firm, T A Khoury & Co, fell victim to a ransomware attack by the Hunters International group. The attackers claimed to have stolen 63.7 gigabytes of data, which they categorised into "Client Files" and "Financial Data." This data, duplicated across both categories, was posted on a dark web leak site. Hunters International, emerging from the dismantled Hive group, has not yet issued a ransom demand for this breach. The firm's website experienced downtime but is now back online.

  • Google Workspace rolls out multi-admin approval feature for risky changes - Google Workspace introduced a new security feature requiring multiple administrator approvals for significant setting changes, enhancing protection against unauthorised alterations. This multi-admin approval mechanism is designed to prevent risky modifications by requiring a secondary review from another administrator before implementation. It aims to safeguard against both external attacks and internal errors, particularly in large organisations where such changes can impact many users. The feature is now being rolled out and will be available for users with multiple super admin accounts.

  • Microsoft fixes two Windows zero-days exploited in malware attacks - Microsoft addressed two zero-day vulnerabilities in Windows during their April 2024 Patch Tuesday. The first, CVE-2024-26234, involved a proxy driver spoofing vulnerability that allowed malicious drivers to be signed using valid Microsoft certificates. The second, CVE-2024-29988, was a SmartScreen prompt security feature bypass vulnerability related to a previously identified issue. Both vulnerabilities were actively exploited by attackers, and Microsoft has updated their systems and advisories to address these security risks.

  • Apple notifies users in 92 countries about mercenary spyware attacks - Apple has issued threat notifications to users in 92 countries, alerting them that they may be targets of mercenary spyware attacks. This update continues the company's efforts since 2021, with the attacks initially framed as "state-sponsored" but now described as mercenary spyware attacks due to policy changes. The notifications primarily concern individuals in sensitive roles, such as journalists and politicians, who might be targeted by high-cost, sophisticated spyware like NSO Group's Pegasus. Apple's alerts are part of a stringent internal surveillance initiative aimed at enhancing user security.

  • Optics giant Hoya hit with $10 million ransomware demand - Hoya Corporation faced a ransomware attack by Hunters International, which demanded a $10 million ransom to prevent the release of 1.7 million files, totalling 2 terabytes of data. This attack, first reported by LeMagIT, affected multiple business divisions, leading to IT outages and disruptions in production and order processing. Hunters International, identified as a Ransomware-as-a-Service operation, has a strict "No Negotiation / No Discount" policy, indicating the firmness of their ransom demand.

References
https://www.cyberdaily.au/security/10415-australian-accounting-firm-held-to-ransom-by-hunters-international
https://www.bleepingcomputer.com/news/security/google-workspace-rolls-out-multi-admin-approval-feature-for-risky-changes/
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-two-windows-zero-days-exploited-in-malware-attacks/
https://therecord.media/apple-spyware-notifications-92-countries
https://www.bleepingcomputer.com/news/security/optics-giant-hoya-hit-with-10-million-ransomware-demand/