CyberWire Daily - From Nation States to Cybercriminals: AI's Influence on Attacks with Wendi Whitmore [Threat Vector]
Episode Date: March 5, 2024
In honor of Women's History Month, please enjoy this episode of the Palo Alto Networks' Unit 42 podcast, Threat Vector, featuring David Moulton's discussion with Wendi Whitmore about the evolving threat landscape.
In this conversation, David Moulton from Unit 42 discusses the evolving threat landscape with Wendi Whitmore, SVP of Unit 42. Wendi highlights the increasing scale, sophistication, and speed of cyberattacks, with examples like the recent Clop ransomware incident, and emphasizes that attackers, including nation-state actors and cybercriminals, are leveraging AI, particularly generative AI, to operate faster and more effectively, especially in social engineering tactics. To protect against these threats, businesses must focus on speed of response, automated integration of security tools, and operationalized capabilities and processes. The conversation underscores the importance of staying vigilant and leveraging technology to defend against the rapidly changing threat landscape.
Threat Group Assessments: https://unit42.paloaltonetworks.com/category/threat-briefs-assessments/
Please share your thoughts with us for future Threat Vector segments by taking our brief survey.
Join the conversation on our social media channels:
Website: https://www.paloaltonetworks.com/unit42
Threat Research: https://unit42.paloaltonetworks.com/
Facebook: https://www.facebook.com/LifeatPaloAltoNetworks/
LinkedIn: https://www.linkedin.com/company/unit42/
YouTube: @PaloAltoNetworksUnit42
Twitter: https://twitter.com/PaloAltoNtwks
About Threat Vector
Unit 42 Threat Vector is the compass in the world of cyberthreats. Hear about Unit 42’s unique threat intelligence insights, new threat actor TTPs, real-world case studies, and learn how the team works together to discover these threats. Unit 42 will equip listeners with the knowledge and insight to proactively prepare and stay ahead in the ever-evolving threat landscape.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
AI is game-changing in terms of the impact it's going to have on attacks,
and then in particular, attackers' ability to move faster.
Welcome to Threat Vector, a segment where Unit 42 shares unique threat intelligence insights, new threat actor TTPs, and real-world case studies.
Unit 42 has a global team of threat intelligence experts, incident responders, and proactive security consultants dedicated to safeguarding our digital world.
I'm your host, David Moulton, Director of Thought Leadership for Unit 42. In today's episode, I'm going to talk with Wendi Whitmore, SVP of Unit 42.
Her career is full of highlights, including being an inaugural member of the first ever Cyber Safety Review
Board launched by the United States Department of Homeland Security.
She serves on the Industry Advisory Board for Duke University's Master of Engineering
in Cybersecurity, and as a member of the World Economic Forum's Global Future Council on
Cybersecurity.
At Unit 42, we're thrilled to have Wendi leading our team, and today she's here to share her
thoughts on the current threat landscape.
Let's get right into it.
Wendi, give us some insight into the current state of the threat landscape.
Hey, David, thanks for having me today.
So I think what's going on is that attacks are happening at a scale, a sophistication, and a speed that we really haven't seen before altogether.
And the reality
is that makes the work we do even more valuable than it's been before. So when we talk about scale,
the reality is that businesses rely on more applications and third-party software than they
ever have before. And vulnerabilities in that same software are increasing in scope to a massive
degree. That's resulting in organizations being compromised,
oftentimes within hours of the public disclosure of a vulnerability. One of the most recent examples
is the MOVEit case where the Clop ransomware group exploited over 600 organizations starting in May
of 2023. And this number continues to grow. When we look at sophistication, though, and you couple this in particular with
scale, you're seeing that nation state actors in particular, groups like Russian APT Cloaked
Ursa, who's famous for the SolarWinds attack, we're seeing them really demonstrate in-depth
knowledge of business processes. And especially today, if you move into cyber criminal landscape,
what's in the news right now with Muddled Libra or Scattered Spider, you see those organizations really have a
strong understanding of business processes and how IT departments work in particular.
And then lastly, what they're doing is leveraging so many apps, trusted applications like Office
365, Google Drive, for example, Dropbox that we use and really trust and then using those to get
information out of the environment. Lastly, when we talk about speed, as if the sophistication and
scale weren't enough, the reality is it used to take these attackers days, weeks, and even months
in some cases to carry out an attack. And today we're seeing them do that same attack in a span
of hours.
I think the biggest concern there is that the attackers are operating by and large faster than
organizations are able to respond. Especially when we look at the mean time to respond being six days,
which it is today, it's absolutely critical that the mean time to respond decreases and becomes
faster than the time it actually takes for the attacker to carry out that same attack.
Wendi, how is AI coming into play here?
So AI is, in particular, generative AI is really increasing the speed with which attackers
are able to operate.
So if you think about the work that they do today, there's the human component of it with
social engineering and generative AI in particular enables them to move faster, reduces language barriers, and increases
their effectiveness of social engineering tactics used by these same threat actors. And then when
we look at new tools coming into play like WormGPT and FraudGPT, we're going to see that enabling
them to be able to move more effectively going forward.
What do businesses need to consider when looking to protect themselves against quicker,
more creative and large scale threat actors?
First and foremost, speed. So what I mean by that is businesses need to be able to respond at machine speed, or the speed of the attack, right?
So they need to be able to implement detections at the speed of the attacker
and they're going to have to leverage technology to do that.
The second challenge I see relates to integration.
So there's too many tools today
that organizations are using
that require manual integration.
They're different screens and different panes of glass
and having a platform approach to detection
really helps organizations prevent.
So one detect, prevent and respond at every stage
of the attack, which includes network, endpoint, and cloud. And then lastly, we really need these
operationalized capabilities and processes. So we can't stop at just having speed to detect
and then integration of tooling, but it really has to be operationalized with strong repeatable processes in order for it to be consistently effective,
but also continually matured within an organization.
Wendi, thanks for joining me on Threat Vector today.
It's great to hear directly from you.
For our listeners that want to learn more about the threat actor groups,
Muddled Libra or Cloaked Ursa that Wendi mentioned today,
or to go deeper on many more threat actors, visit the Unit 42 Threat Research Center.
And if you think that you may be under attack,
contact the experts at Unit 42 to help assess your risk and exposure.