Search This Blog

Showing posts with label Cyberwarfare. Show all posts

How ChatGPT May Act as a Copilot for Security Experts


Security teams have been left to make assumptions about how generative AI will affect the threat landscape since ChatGPT-4 was released this week. Although it is now widely known that GPT-3 may be used to create malware and ransomware code, GPT-4 is 571X more potent, which could result in a large increase in threats. 

While the long-term effects of generative AI are yet unknown, a new study presented today by cybersecurity company Sophos reveals that GPT-3 can be used by security teams to thwart cyberattacks. 

Younghoo Lee, the principal data scientist for Sophos AI, and other Sophos researchers used the large language models from GPT-3 to create a natural language query interface for looking for malicious activity across the telemetry of the XDR security tool, detecting spam emails, and examining potential covert "living off the land" binary command lines. 

In general, Sophos' research suggests that generative AI has a crucial role to play in processing security events in the SOC, allowing defenders to better manage their workloads and identify threats more quickly. 

Detecting illegal activity 

The statement comes as security teams increasingly struggle to handle the volume of warnings generated by tools throughout the network, with 70% of SOC teams indicating that their work managing IT threat alerts is emotionally affecting their personal lives. 

According to Sean Gallagher, senior threat researcher at Sophos, one of the rising issues within security operation centres is the sheer amount of 'noise' streaming in. Many businesses are dealing with scarce resources, and there are just too many notifications and detections to look through. Using tools like GPT-3, we've demonstrated that it's possible to streamline some labor-intensive proxies and give defenders back vital time. 

Utilising ChatGPT as a cybersecurity co-pilot 

In the study, researchers used a natural language query interface where a security analyst may screen the data gathered by security technologies for harmful activities by typing queries in plain text English. 

For instance, the user may input a command like "show me all processes that were named powershelgl.exe and run by the root user" and produce XDR-SQL queries from them without having to be aware of the underlying database structure. 

This method gives defenders the ability to filter data without the usage of programming languages like SQL and offers a "co-pilot" to ease the effort of manually looking for threat data.

“We are already working on incorporating some of the prototypes into our products, and we’ve made the results of our efforts available on our GitHub for those interested in testing GPT-3 in their own analysis environments,” Gallagher stated. “In the future, we believe that GPT-3 may very well become a standard co-pilot for security experts.” 

It's important to note that researchers also discovered GPT-3 to filter threat data to be significantly more effective than utilising other substitute machine learning models. This would probably be faster with the upcoming version of generative AI given the availability of GPT-4 and its greater processing capabilities. Although these pilots are still in their early stages, Sophos has published the findings of the spam filtering and command line analysis experiments on the SophosAI GitHub website for other businesses to adapt.

Attacks are Being Outmanoeuvred by AI Cybersecurity in Novel Ways


These days, chatbots that use artificial intelligence (AI) are the hot topic. Yet, AI cybersecurity is one of the software program's most rapidly expanding functions. That's because real-time detection and defence against cyberattacks saves money for businesses, governments, and people alike. 

According to MarketsandMarkets Research, the global AI cybersecurity market is worth $22.2 billion this year. However by 2028, it's projected to grow to $60.6 billion. A 21.9 percent compound annual growth rate applies to that. 

An increase in cyberattacks 

Cybercrime affects 97 people or businesses every hour, the report by SurfShark reads. Due to this, 2,328 successful cyberattacks will be launched on the day you read this, causing millions of dollars in losses. 

According to Cybersecurity Ventures, those losses should rise by 15% annually. By 2028, it is anticipated that yearly losses will amount to $10.5 trillion. 

“If it were measured as a country, then cybercrime would be the world’s third-largest economy after the U.S. and China,” stated Steve Morgan, founder of Cybersecurity Ventures. 

Expanding AI cybersecurity response 

AI and its partner machine learning are the officers on the beat to stop this growing cybercrime wave (ML).

“AI is big data,” explains Mansour Khatib, CEO of GBT Technologies, Inc., Santa Monica, CA. “AI manages massive amounts of data to detect something that’s suspicious. It can stop an attack and, based on the data it has gathered, it can know the attack’s next move.” 

Global cyberattack data is continuously gathered by AI. ML can comprehend industrial and worldwide risks to thwart an attack using the knowledge gathered by AI. 

Flexibility in AI cybersecurity 

In theory, humans are capable of doing the same tasks as AI cybersecurity. People don't notice a system is under attack for a very long time, though. There have been numerous successful attacks on systems run by AI that went unnoticed for days. Cybersecurity in the past has its limitations. After malware is discovered, it is blacklisted and information is analysed on it. This approach might thwart attacks from that particular malware, but it cannot identify brand-new, original threats. 

In addition to being faster and more powerful, AI is also more adaptable than conventional cybersecurity techniques. An AI cybersecurity system uses ML to identify new attacks and attackers based on similarities to past ones, learn patterns, and identify correlations between patterns. In other words, AI may change as needed. 

Cybersecurity's future with IoT And AI

The use of physical devices that send and receive information via the internet is enabling an increase in global connectivity. The Internet of Things is therefore used to describe that. Cell phones, automobiles, thermostats, and even refrigerators are among examples.

Today's refrigerators can alert you when you run low on something or are out of it so you may replenish it, claims Khatib. The fridge can communicate with your smartphone or home assistant, such as Google Assist or Amazon, by sending messages via Wi-Fi. Cyber criminals have new ways to steal your financial and personal information as more objects are connected to the internet. 

It's possible that you own a smart bulb, Khatik speculates. This lightbulb transmits data to you via your router. By accessing the light bulb, someone may take control of your router. They might then access your computer and obtain a variety of information from there. 

Such attacks might be thwarted using AI cybersecurity. Can you afford it, though? Khatib responds, "Definitely. Protection for your house and personal devices is getting more affordable in today's society. An inexpensive PC with fingerprint recognition is available right now." 

According to CujoAl's analysis of 1.7 billion connected devices in North America between April 2021 and April 2022, almost half of them are unable to operate antivirus software. To secure all of the devices connected to a network, AI cybersecurity can be included into a router.

Customers are Being Used as Cyber "Crash Test Dummy," Says CISA Director


The CEO of the Cybersecurity and Infrastructure Security Agency, Jen Easterly, referred to the current state of commercial cybersecurity as "unsustainable," and she argued that businesses, consumers, and the government as a whole needed to change their expectations so that users, not the major software and hardware manufacturers, would be held accountable for insecure products. 

A policy from the Biden administration that will place more of an emphasis on controlling the security and safety design decisions made by technology makers is anticipated to be released in the coming days. 

In a speech given on February 27 at Carnegie Mellon University, Easterly claimed that American lawmakers, consumers, and users of third-party products had allowed software programmes rife with flaws or hardware that was vulnerable on practically every level to become the standard. 

“We’ve normalized the fact that the cybersecurity burden is placed disproportionately on the shoulders of consumers and small organizations, who are often least aware of the threat and least capable of protecting themselves. We’ve normalized the fact that security is relegated to the IT people in smaller organizations, or to a chief information security officer and enterprises,” stated Easterly. “But few have the resources and influence or accountability to incentivize adoption of products in which safety is appropriately prioritized against cost, and speed to market and features.”

Easterly pointed out that Beijing's decades-long campaign of cyber-enabled espionage and intellectual property theft has been far more detrimental to U.S. economic and national security, even if those intrusions aren't similarly visible to the naked eye. While the U.S. reacted collectively with shock and anger at the sight of a surveillance balloon launched by China that crossed over American borders earlier this month, she noted that Beijing's campaign has been far more damaging to the U.S. 

The public hears about hundreds of significant breaches of corporations each year through the mainstream media, legislation requiring breach disclosure, ransomware leak sites, and other sources. They are but a portion of the issue because there are a great number of other invasions that go unnoticed or unreported.

Until the commercial sector prioritises security and safety on the front end, eliminating occasions like "Patch Tuesday" as an anachronism, adversaries like Russia and China, ransomware groups, and hackers will continue to take advantage of that paradigm. 

“The cause, simply put, is unsafe technology products, and because the damage caused by these unsafe products is distributed and spread over time, the impact is much more difficult to measure, but like the balloon, it’s there,” said Easterly. “It’s a school district shut down, a patient forced to divert to another hospital, another patient forced to cancel a surgery. A family defrauded of their savings, a gas pipeline shutdown, a 160-year-old college forced to close its doors because of a ransomware attack, and that’s just the tip of the iceberg.”

Role of large businesses 

The biggest firms, or "those most capable and in greatest position to do so," should be held accountable by society for protecting technology, according to Easterly. This includes standardising basic security features, such as logging, identity protection, and access controls, into base rate packages rather than as an added feature in higher priced tiers. It also includes having a "radically" transparent disclosure process for vulnerabilities as well as internal statistics around the use of multifactor authentication and other basic protections. 

She also suggested a number of legislative options for Congress to take into consideration, such as prohibiting manufacturers from structuring their contracts and terms of service to disclaim all liability for security incidents resulting from the use of their products, establishing higher security standards for software used in specific critical infrastructure sectors, and creating a legal framework to provide Safe Harbor from liability for businesses that do take meaningful security measures. 

Later, during a Q&A session, Easterly said she might be in favour of excluding from legal liability businesses that have been attacked by well-funded and knowledgeable nation-states, but she emphasised that these attacks represent just a small portion of the malicious cyber activity that affects American citizens and businesses every day. 

Although executives from firms like Google and Microsoft have made public statements endorsing similar principles of moving towards security by design and implemented some initiatives, it is still unknown how much they will ultimately embrace the regulations that Easterly and the Biden administration have in mind. Any legislation would need to clear the Republican-controlled House, which is no easy task, if it were to be pursued during the following two years.

While regulation is anticipated to play a significant role in the Biden administration's cyber strategy, it is just one of many pillars of action that were mentioned in earlier draughts, and Easterly emphasised that regulation won't be able to address all of our problems on its own. Many of the same issues can also be solved through other means, such as using the government's purchasing power to encourage better baseline security among its hundreds of thousands of contractors, continuing collaborative initiatives like the Joint Cyber Defense Collaborative, and encouraging wider adoption of safer software development techniques like memory safe languages and software bills of material. 

Easterly cautioned that, despite how challenging this effort will be, continuing with the status quo will cause American consumers and businesses much more harm in the long run – in both the cyber and physical spheres. 

"Imagine a world where none of the things we talked about today come to pass, where the burden of security continues to be placed on consumers or technology manufacturers continue to create unsafe products or upsell security as a costly add-on feature, where universities continue to teach unsafe coding practices, where the services that we rely on every day remain vulnerable. This is a world that our adversaries are watching carefully and hoping never changes,” she concluded.

Cyberwarfare Threat Looming Large on Firms Worldwide


Over the past ten years or so, the environment for cyber threats has undergone a significant transformation, which has accelerated in recent years. The term "cyberwar" didn't even exist until 30 years ago, and it's still somewhat debatable today. 

Once upon a time (that time being just a few years ago), the majority of private businesses had no reason for immediate concern. However, the distinctions between nation-state adversaries, cybercrime organisations, and rogue threat actors continue to become more and more hazy, making practically any company and any device fair game for cyberwarfare. The Armis State of Cyberwarfare and Trends Report: 2022-2023 examines the situation more closely and offers information on whether or not organisations are sufficiently equipped to defend themselves. 

The report focuses on the opinions of IT and security experts from around the world regarding the state of cyberwarfare today and market trends. It offers insightful information on the opportunities and challenges faced by businesses as they work to safeguard their assets and secure their networks. The study was conducted by surveying more than 6,000 IT and security professionals worldwide from all major industry verticals. 

Technology: A double-edged sword 

Technology is frequently a mixed blessing, which is one of the report's most notable findings. Anything that makes your life simpler or more convenient for you can, in theory, be used against you by attackers or expose you to a higher risk in some other way.

Technology is increasingly reliant on artificial intelligence (AI) and machine learning (ML). These technological advancements are being used to automate the detection and response to cyber threats, which is assisting businesses in better protecting their assets and networks. The report does point out, however, that there are worries about how these technologies might be misused for bad, and that more oversight and regulation are required in this area. Concerns about the potential use of generative AI tools like ChatGPT to create malicious code and exploits have recently grown. 

The Armis report highlights the growing threat that cyberattacks that target critical infrastructure pose to businesses. This includes attacks on systems that are crucial to the operation of contemporary society, such as medical equipment and industrial control systems. While these attacks don't specifically target organisations (aside from the provider of critical infrastructure), any attack that affects the critical infrastructure that businesses depend on can have disastrous effects on those businesses. In accordance with the report, these attacks are becoming increasingly sophisticated and are frequently carried out by advanced persistent threat (APT) groups, which are outfitted with the resources and technical know-how necessary to get around conventional security measures.

In the report's introduction, Nadir Izrael, CTO and co-founder of Armis, mentions that experts believe threat actors will be able to weaponize OT (operational technology) environments by 2025 in order to hurt or kill people. The shift from reconnaissance and espionage to kinetic application with tangible effects is a trend in cyberwarfare, he observes. 

“These kinetic cyberweapons have already been discovered in the wild, although none specifically have been deployed to lethal effect. For example, the Triton malware discovered in 2017 targeted and disabled safety instrumented system (SIS) controllers of a Saudi Arabian petrochemical plant which could have contributed to a plant-wide disaster had the problem not been identified. And in February 2021, a hacker attempted to poison the water supply facility of a small U.S. city in the state of Florida via remote access. We have already seen ransomware attacks against the healthcare sector result in human deaths, so the potential impact of cyberattacks—whether intentional or unintentional—is clear.” 

Can we survive cyber warfare? 

Many organisations have been caught off guard by the threat landscape's quick change. The scope of the threat is difficult for businesses of all sizes and in all sectors to comprehend, and many do not have the necessary cyber defences in place.

In a press release, Armis summarised some of the report's most important findings. These results highlight some of the major obstacles that organisations must overcome in order to adjust to the new reality. 

  • The threat of cyberwarfare is not being taken seriously by one-third (33%) of international organisations, who report being unconcerned or indifferent about how it will affect their organisation as a whole, creating security gaps. 
  • Nearly a quarter (24%) of international organisations believe they are unprepared to handle cyberwarfare. Nevertheless, preventing nation-state attacks comes in last on the IT professionals' list of security concerns (22%). 
  • The statement that "The war in Ukraine has created a greater threat of cyberwarfare" is accepted by more than three out of five (64%) IT and security professionals polled.
  • Between May 2022 and October 2022, compared to the six months before, more threat activity was reported on networks by over half (54%) of professionals who are the sole decision-makers for IT security. 
  • The majority (55%) of IT professionals polled concurred with the statement that "My organisation has stalled or stopped digital transformation projects due to the threat of cyberwarfare." In some nations, like Australia (79%), the U.S. (67%), Singapore (63%), the UK (57%), and Denmark (56%), this percentage is even higher. 
  • IT professionals around the world responded differently when asked about their company's policy on paying ransoms in the event of a ransomware attack. Twenty-four percent of respondents said their organisation always pays, 31% said their organisation only pays when customer data is at risk, 26% said their organisation never pays, and 19% said it depends. 
  • A little more than seven in ten (76%) of the IT professionals polled concur that, in response to the threat of cyberwarfare, the boards of directors are changing the organisational culture with regard to cybersecurity. 
  • Nearly 2 in 5 (37%) of the IT professionals surveyed believe it is extremely likely that their company will increase its investment in cybersecurity in light of recent and ongoing unexpected global events (such as the pandemic, the conflict in the Ukraine, etc.) 

Combating future cyberwars 

The report emphasises how crucial asset visibility is to maintaining business network security. Businesses must have a thorough understanding of the hardware and software that connect to their networks in order to identify threats quickly and take appropriate action. With the goal of becoming the "Google Maps" of the IT environment or attack surface, Armis is committed to giving its users the visibility they require. To assist them in overcoming these obstacles, they collaborate with clients like the City of Las Vegas, Takeda Pharmaceuticals, and an increasing number of governmental bodies.

Yevgeny Dibrov, the CEO of Armis, and Nadir Izrael, the CTO, were interviewed by Tony Bradley, Editor-in-Chief at TechSpective. Regarding the visibility of assets, Dibrov stated, "Every client should ask themselves, 'What are my assets? What are my assets, exactly?

In a data centre environment, a manufacturing environment, a hospital, a critical infrastructure facility, or a government facility, the most fundamental question is, "What do I have?" he continued. 

“I think cyberwarfare in general has become kind of an above board thing that nation-states do, as opposed to maybe a decade or two ago where everything was hush-hush and under the covers—like these covert attacks that were never attributable. That change is huge in our overall industry. It's huge for countries. In fact, from our perspective it paints cyberwarfare as the new terrorism,” Izrael stated. “It is the most cost-effective way of waging war on multiple levels and something that we're seeing more and more examples of as we progress.”  

Since it is unlikely that we will be able to put the genie back in the bottle in the future, it will be crucial for organisations to understand the answers to the questions Dibrov posed and have that "Google Map" of their environment to work with.