Podcast Summary
Cyber war intensifies with AI, causing record data compromises: In 2023, there were 3,205 data compromises, a 78% increase from the previous year, with ransomware attacks causing substantial damages, and companies unprepared for state-sponsored actors.
The cyber war is no longer a cold war but a hot war, with AI playing a significant role in intensifying cyber threats. The number of data compromises has seen a significant increase, reaching an all-time high of 3,205 in 2023, a 78% increase from the previous year. This trend is alarming, with ransomware attacks becoming increasingly vicious, resulting in substantial damages for companies. The UnitedHealthcare ransomware attack, which caused almost $1 billion in damages, is a prime example of the gravity of the situation. The fact that UnitedHealthcare executives appeared before Congress and downplayed the severity of the attack, despite not even having 2-factor authentication, highlights the unpreparedness of many companies for the escalating cyber war, particularly against state-sponsored actors.
State-sponsored hackers and individual criminal hackers pose significant cybersecurity threats: Both state actors and individual hackers use advanced technologies like AI to create sophisticated attacks, making it essential for individuals and organizations to stay vigilant and prioritize cybersecurity.
The cybersecurity landscape is becoming increasingly complex and dangerous, with both state-sponsored hacking groups and individual criminal hackers posing significant threats. These groups are using advanced technologies like AI to create sophisticated attacks, making it difficult for even well-funded organizations to keep up. On one hand, we have state actors like Russia's Cozy Bear and ALPHV, who are using hacking and ransomware to raise funds for their governments. On the other hand, we have individual hackers, like Hans Gruber, who are simply in it for the money and the thrill. The use of AI in cybersecurity is a double-edged sword – while it can help detect threats and prevent breaches, it can also be used by hackers to create convincing phishing attacks and train their hackers more efficiently. Furthermore, the human element remains a significant vulnerability, as we are often the weakest link in the security chain. The increasing sophistication of these attacks, coupled with the ease with which hackers can collect personal data to build profiles, makes it essential for individuals and organizations to stay vigilant and prioritize cybersecurity.
The Cyber War's Hot and Cold Aspects: The cyber war includes both hot (hacking) and cold (disinformation campaigns, identity theft) aspects, and recent state-sponsored hacking groups demonstrate the severity of these threats, requiring agile software development and individual awareness to stay protected.
The cyber war is becoming increasingly hot as states fund hacking activities and the use of biometric authentication systems, like passkeys, becomes more prevalent. Passkeys eliminate the need for passwords and add an extra layer of security, making it difficult for unauthorized users to gain access. However, the cyber war also includes the cold aspect, such as disinformation campaigns and identity theft, which can lead to collateral damage for individuals. The rapid development of AI and the increasing number of threats require a shift towards agile software development in the US military to keep up. The cyber war's impact goes beyond nations and affects individuals, and it's important to recognize the severity of both the cold and hot aspects of this ongoing conflict. Recent examples of state-sponsored hacking groups, like Cozy Bear and Storm-0558, show how these groups can use tiny breaches to gain access to systems and infrastructure, potentially leading to significant damage.
Cyber Threats to Critical Infrastructure: Neglected infrastructure upgrades and resistance to investments in security create vulnerabilities for critical infrastructure, leading to potential devastating consequences from cyber attacks like ransomware, DDoS, spoofing, and phishing. State-sponsored attacks pose an additional risk.
The increasing sophistication of cyber attacks, particularly against critical infrastructure like energy sectors, power grids, and healthcare systems, poses a significant threat with potentially devastating consequences. Old, unpatched equipment and resistance to upgrades due to financial priorities contribute to these vulnerabilities. Ransomware attacks, distributed denial of service attacks, spoofing, and phishing are common types of cyber attacks. For instance, in the case of the MGM hack, attackers called the help desk and used real names to gain access. State-sponsored attacks are another major concern due to the potential for collateral damage. The ongoing focus on AI and technology investments, coupled with neglected infrastructure upgrades, creates a classic infrastructure problem. It's essential to invest in securing our critical infrastructure to mitigate these risks.
Phishing attacks can lead to serious consequences: Phishing attacks can result in loss of access to critical systems and data, financial damage through ransomware, and control of other accounts.
Phishing attacks can lead to serious consequences, including the loss of access to critical systems and data, as well as financial damage through ransomware attacks. The Okta breach discussed is a prime example, where a hacker impersonated a VP and tricked an employee into resetting their 2FA, gaining access to the company's Okta account and ultimately taking control of many other accounts. In contrast, a distributed denial of service (DDoS) attack involves taking over a large number of computers to flood a targeted website with traffic, making it unavailable to users. Microsoft, which has a significant number of older, vulnerable systems in use, has acknowledged the importance of security and has made efforts to address these threats.
Microsoft should focus on improving core infrastructure security for their public cloud offerings: Microsoft needs to demonstrate a genuine commitment to security by enhancing infrastructure security for Azure and other public cloud services, while Apple has taken a proactive approach by issuing warnings to users about potential cyber threats.
While Microsoft's CEO, Satya Nadella, recently prioritized security above all else, the industry and public perception is that Microsoft, as a leading cloud provider, has neglected security in the past. To demonstrate a genuine commitment to security, Microsoft should focus on improving core infrastructure security, especially for their public cloud offerings like Azure. An alternative approach could be for Microsoft to invest in upgrading outdated Windows XP systems worldwide, particularly in healthcare systems in emerging economies, to prevent potential security vulnerabilities. Apple, on the other hand, has taken a proactive approach to security, issuing warnings to users about potential cyber threats. While some may view Apple's warnings as premature or too late, the company's history of being an early victim of cyber attacks has driven them to prioritize security. Overall, it's crucial for tech companies to prioritize security and take tangible steps to address vulnerabilities to regain the trust of their customers.
Apple warns of targeted iPhone attacks, highlighting evolving cybersecurity threats: Stay informed and take proactive measures to protect against targeted and persistent cyber attacks. Solutions like edge security and zero trust can help mitigate damage.
As cybersecurity threats continue to evolve and become more sophisticated, individuals and companies need to be more vigilant than ever before. Apple's recent warning about targeted attacks on specific iPhones is a reminder that cybercriminals are becoming more targeted and persistent in their efforts to gain access to sensitive information. Companies like CrowdStrike and Zscaler, which provide edge security and zero trust solutions respectively, are becoming increasingly important in the cyberwar era as they help protect devices and networks from these threats. The AT&T data breach serves as a cautionary tale, highlighting the importance of knowing the source of an attack and taking swift action to mitigate the damage. As the cybersecurity landscape continues to evolve, it's crucial for individuals and companies to stay informed and take proactive measures to protect themselves.
Zero Trust Security and AI are Essential in Today's Cloud Era: Zero Trust Security validates user identity at every step; CrowdStrike and Zscaler offer complementary solutions; AI plays a crucial role in cybersecurity; Accenture helps implement security measures post-breaches; Datadog excels in network monitoring and AI-driven security.
With the increasing shift of companies' infrastructure to the public cloud, traditional security measures like firewalls are no longer sufficient. Zero trust security, which involves validating a user's identity at every step of the way, has become essential. CrowdStrike and Zscaler are two companies that offer complementary solutions in this regard, with CrowdStrike acting as the bouncer outside the bar and Zscaler as the bartender checking IDs inside. Another area of growing importance is cybersecurity cleanup and response in the aftermath of data breaches or disasters. Companies like Accenture could potentially fill the role of Winston Wolfe from Pulp Fiction, helping organizations implement multi-factor authentication and other security measures to minimize damage. Moreover, as cybersecurity threats become increasingly sophisticated, the use of AI in cybersecurity is becoming more prevalent. Every SaaS provider is adding AI to their products, and tools that can observe network activity and take action based on that data will be crucial in the era of cyber warfare. Datadog, which already offers network monitoring and security products, is a prime example of a company that could excel in this area.
Balancing modern tools and infrastructure upgrades for cyber war protection: Invest 25% in employee education, 25% in infrastructure upgrades, and 50% in modern cybersecurity tools. Prioritize password security and be cautious of suspicious emails and calls.
Investing in both modern cybersecurity tools and old infrastructure upgrades is crucial for effective cyber war protection. While advanced tools like CrowdStrike and Zscaler are essential for monitoring and securing new systems, neglecting outdated equipment can leave vulnerabilities unaddressed. Therefore, 25% of the investment should be allocated towards employee education, 25% towards urgent infrastructure upgrades, and the remaining 50% towards modern cybersecurity solutions. Additionally, using a password manager is a personal recommendation for protecting oneself against cyber attacks. Remember, default to no when encountering suspicious emails or phone calls.
Stay cautious and skeptical during unsolicited calls: Be wary of unsolicited calls, especially those with AI-generated voices. Default to a 'no' response and establish a family password for calls involving loved ones to add an extra layer of security.
Being cautious and skeptical when receiving unsolicited calls, especially those with AI-generated voices, is crucial in protecting yourself from phishing attempts. Defaulting to a "no" response can help filter out potential scams, but having a family password for verifying the authenticity of calls involving loved ones can add an extra layer of security. Remember, don't answer or engage with suspicious calls, and be cautious even if the caller seems legitimate. Stay informed by tuning in to "This Week in Tech" on Motley Fool Live every Friday from 10 AM to 11 AM EST, or catch the replay on the Motley Fool replay hub. Becoming a Motley Fool member gives you access to this and other valuable resources. As always, do not make investment decisions based solely on the information discussed on this program. I'm Mary Long, and I'll be back with you next Monday. Stay safe, Fools.