Episode Description: This episode breaks down insights from the 2024 Global Threat Report by Elastic and the 2024 Digital Defense Report from Microsoft. It explores the blurring lines between state-sponsored hackers and cybercriminals, the rising role of generative AI in cyber-attacks and propaganda, and the use of commodity malware by sophisticated threat actors.
Josh shares both the report highlights and his reflections on how these trends reshape the cybersecurity landscape, especially in light of ongoing geopolitical tensions.
Topics Discussed:
Blurred Lines Between Nation-State and Cybercriminal Activities
How state-sponsored actors, including those from North Korea and Iran, increasingly adopt criminal tactics for financial gain, with North Korea using cybercrime to fund its nuclear and missile programs.
Generative AI and Its Role in Cyber Threats
A deep dive into the uses of generative AI by both defenders and attackers, including the development of sophisticated phishing scams, influence operations, and automated malware production.
Commodity Malware and Open-Source Tools
The use of off-the-shelf hacking tools like Cobalt Strike and Sliver, which simplify cyber operations for threat actors. Josh explores how these tools blur the line between advanced and lower-skill attacks.
Social Engineering and AI-Powered Phishing
Insights from the reports show how generative AI enables more tailored and realistic phishing campaigns, amplifying the effectiveness of social engineering at scale.
State-Backed Influence Operations via AI
Case studies of AI-driven influence campaigns, including Russia’s deepfake audio tactics in Slovakia and China’s misinformation campaigns, demonstrate AI’s role in sowing discord and manipulating public perception globally.
Call to Action:
Subscribe to the podcast for more episodes on high-profile cyber intrusions.
Visit our website at intrusionsindepth.com for additional stories and insights.
Share your thoughts on social media using #IntrusionsInDepth.
Links and Resources:
https://www.elastic.co/resources/security/report/global-threat-report
https://www.microsoft.com/en-us/security/security-insider/intelligence-reports/microsoft-digital-defense-report-2024
https://cloud.google.com/blog/products/identity-security/making-cobalt-strike-harder-for-threat-actors-to-abuse
https://cloud.google.com/blog/topics/threat-intelligence/apt45-north-korea-digital-military-machine
https://malpedia.caad.fkie.fraunhofer.de/details/win.sliver
https://unit42.paloaltonetworks.com/north-korean-threat-group-play-ransomware/
https://attack.mitre.org/groups/G0138/
https://learn.microsoft.com/en-us/defender-xdr/microsoft-threat-actor-naming
https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/
https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-048a
https://cloud.google.com/blog/topics/threat-intelligence/apt42-charms-cons-compromises
https://www.reuters.com/world/us/accused-iranian-hackers-successfully-peddle-stolen-trump-emails-2024-10-25/
https://www.reuters.com/world/us-issues-iran-related-sanctions-over-election-interference-2024-09-27/
https://www.npr.org/2023/09/28/1202110410/how-rumors-and-conspiracy-theories-got-in-the-way-of-mauis-fire-recovery
https://googleprojectzero.blogspot.com/2024/10/from-naptime-to-big-sleep.html
https://securityintelligence.com/articles/malicious-ai-worm-targeting-generative-ai/
https://cert.gov.ua/article/6278521
https://cloud.google.com/blog/topics/threat-intelligence/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor
Credits:
Host: Josh Stepp
Produced by: Josh Stepp
Thank you for tuning in to Intrusions in Depth. Stay informed, stay safe, and see you in the next episode!