AI-Powered Cybersecurity: The New Frontier in Combating Ransomware Threats

Cybersecurity experts urge a stronger security posture in response to AI attacks - SiliconANGLE

Cybersecurity teams respond to new wave of AI-based ransomware Artificial intelligence has opened up new vulnerabilities in cybersecurity, requiring a different kind of security posture from companies looking to defend against increasingly advanced threat actors. At Trellix, which specializes in detection and response, experts are preparing customers for targeted attacks in their sectors. "What we're trying to do is elevate that intelligence ... to a more proactive stance," said John Fokker (pictured), head of threat intelligence at Trellix. "So, if there's a weakness or there's anything else, or let's say you're a company in a certain sector or geo, we will provide you with, OK, these are the threats relevant to your sector or geo ... these are all the elements in their attack. And, by the way, you can increase your security posture by applying rule XYZ out of the box." Fokker spoke with theCUBE Research's John Furrier and Savannah Peterson at mWISE 2024, during an exclusive broadcast on theCUBE, SiliconANGLE Media's livestreaming studio. They discussed how AI has impacted ransomware and how organizations can strengthen their defenses. (* Disclosure below.) The last year has seen the rise of ransomware as a service, changing how threat actors collaborate together. Trellix, which provides extended detection and response, has found unsettling trends for AI in the ransomware space. "We saw threat actors just like us trying to find solutions for things that were annoying," Fokker said. "They used Gemini to get more information on vulnerabilities, web scanners. They're researching some deep fake[s]. There was one instance that was really interesting and very timely that [the threat actor] was asking for ... voice cloning type of software, specifically to extort politicians and crypto influencers." In response to these evolving attacks, cybersecurity is increasingly a team effort, according to Fokker. Trellix has a partnership with Google, allowing experts from both companies to pool their findings "Our relationship is very, and stronger than ever," he said. "We really have researchers helping each other out. We're looking at similar threats, some of the most imminent threats to the U.S. administration. One of the things that we're doing ... is a project called RPP, or Research Partner Program, where we help out certain nations in the world that are on a heavy attack but might not have the funds to protect themselves." The companies deliver Trellix appliances with joint investigations to these government organizations, allowing them to defend against international attacks. Fokker's advice for companies guarding against attackers such as email phishers or information stealers is to know their businesses inside and out. "Asset management, actually knowing what you have within your network, knowing your attack service ... but also internally knowing, OK, what's my security posture?" he said. "These are some very basic things, together with patch management, understanding the threat landscape, all that stuff. Those are really basic things that we still see are not always done either correctly or up to a certain standard." Here's the complete video interview, part of SiliconANGLE's and theCUBE Research's coverage of mWISE 2024:

Ransomware attacks: Rising threats and increasing demands - SiliconANGLE

Ransomware attacks surge with skyrocketing ransom demands and executive threats Ransomware attacks have seen dramatic changes over the past few years. Once considered a mere nuisance, they now pose a potentially devastating threat to organizations of all sizes. Back in 2019, ransomware attacks were just ramping up, focusing on infecting single machines. However, by 2020 and 2021, ransomware became more aggressive, with attacks targeting entire organizations and leading to more widespread damage, according to Kimberly Goody (pictured), head of cyber crime analysis at Google LLC. By 2023, an alarming new trend emerged: although fewer organizations paid ransoms, the median ransom payment skyrocketed from $200,000 to $1.5 million, a shocking seven-fold increase. "I think one of the things that contributes to [the rise in ransom payments] is not just the data leak threat, but also the size of the organizations being targeted," Goody said. "We had a report just a couple of months ago of this $75 million ransom payment, which to me, that's enormous. That's a lot of money." Goody spoke with theCUBE Research's John Furrier and Savannah Peterson at mWISE 2024 during an exclusive broadcast on theCUBE, SiliconANGLE Media's livestreaming studio. They discussed the latest ransomware stats and trends, including increasingly aggressive extortion attempts, and how organizations can more effectively prepare for and respond to the threat. (* Disclosure below.) Ransomware attacks have evolved from data breaches and financial theft to more personal threats, targeting executives and their families. These attacks can involve attempts to intimidate executives by publicizing personal information or threatening their loved ones. This willingness to apply psychological pressure represents an escalation in how threat actors operate. "We definitely have a few threat actors that we track that ... we expect to go above and beyond on the personal attacks or the personal threats," Goody said. "And that might look like contacting the executive's family members ... and be like, 'Hey, you need to tell your spouse, tell your dad that they need to pay this ransom.' We've also seen cases where a threat actor will make it known to a victim that they know where an executive lives." While these threats haven't yet resulted in physical violence, it's a worrying trend, according to Goody. These techniques reflect a next-level, aggressive threat of harassment. "It's something that people should be aware of," she noted. Goody added that organizations must consider both digital and physical security in their response plans. Organizations and law enforcement have stepped up their game in fighting ransomware. A multifaceted approach combining strategic interventions, technological defenses and law enforcement efforts is proving to be helpful, according to Goody. These efforts have led to 14 disruptions by law enforcement in ransomware operations this year. "LockBit is a great example of activity that occurred this year where they didn't just target the infrastructure or the payments, they also did some initiatives to sow distrust between the threat actors that were running that service and the affiliates," she said. "I think taking that big, multifaceted approach to disruption is really important, and we're seeing some wins there." Another promising area is using artificial intelligence to enhance cybersecurity defenses. AI is helping organizations scale their threat detection efforts, allowing them to identify and address vulnerabilities more efficiently, according to Goody. "I think looking at AI and how that might be able to help us scale our operations and what we're able to cover," she said. "To be honest, we're expected to cover everything ... and it's impossible to cover everything. Anything that can help us in the way of scale is awesome, and I love to see the innovations that we're having internally in that direction." Here's the complete video interview, part of SiliconANGLE's and theCUBE Research's coverage of mWISE 2024:

Mandiant Threat Intelligence: Key in fighting ransomware - SiliconANGLE

Mandiant Threat Intelligence offers solutions as ransomware reshapes global cybersecurity Ransomware has quickly grown into a multi-billion-dollar industry, forcing a shift in how cybersecurity is approached, including the development of solutions such as Mandiant Threat Intelligence. In the last five years, as profits for cybercriminals have soared, their operations have become more sophisticated, drawing more players into this expanding threat landscape, according to Brett Callow (pictured), managing director at FTI Consulting Inc. "In 2019, the average ransom demand was 5,000 bucks and small businesses and home users were most victims. Today, it's become a multi-billion dollar industry," Callow said. "We see huge multinationals effectively being totally knocked offline. We see healthcare systems, entire healthcare systems of multiple hospitals being knocked offline. So ransomware now has morphed from being a small-scale operation to something that does put lives at risk." Callow spoke with theCUBE Research's John Furrier and Savannah Peterson at mWISE 2024, during an exclusive broadcast on theCUBE, SiliconANGLE Media's livestreaming studio. They discussed the rise of ransomware, its increasing profitability and the challenges in accurately assessing and combating ransomware threats. (* Disclosure below.) Ransomware incidents have become more frequent and severe, according to Callow. This escalation is pushing organizations to pursue both preventive measures and post-attack support. "For example, an insurer saw a 15% increase in the frequency of incidents from '22 to '23," he said. "I think 28% increase in the severity of incident. And by severity I mean the amount of disruption and the amount of [ransom]." The current threat of AI in cybersecurity is overhyped and not particularly alarming at this time. Significant progress is needed in combating ransomware by increasing risks for cybercriminals and disrupting their funding, though current efforts remain insufficient, Callow concluded. "To combat ransomware, you need to either increase the risk to the cyber criminals, or decrease the rewards, or do both," he said. "So we need to find more ways to actually get hands on those who are responsible to arrest more people, to interrupt and disrupt the flow of funds. And we need to do far more of that than we have done. Thankfully things are changing to a degree." Here's the complete video interview, part of SiliconANGLE's and theCUBE Research's coverage of mWISE 2024: