Cybersecurity faces a new frontier: Synthetic identity fraud and AI-driven phishing. These threats impersonate trusted individuals. They utilize generative AI to create convincing fakes and bypass traditional defenses.

It’s time to expose these digital doppelgangers!

What is Synthetic Identity Fraud?

Synthetic identity fraud is not traditional identity theft. Attackers don’t steal a single person’s identity. Instead, they fabricate new ones.

Building Identities with Real and Fake Data

Synthetic identity fraud is like building Frankenstein. It uses stolen or made-up elements (in this case, personal information, not body parts) and combines them to create a persona.

Fraudsters take real Social Security Numbers (SSNs) and addresses, sprinkle in some fake names with background information, and voilà — a fake identity that seems legitimate.
Why Synthetic Identities Are Hard to Detect
Synthetic identities are patient. Once cybercriminals create a believable persona, they nurture and develop it over time. They’ll, for instance:

• Open bank accounts and credit lines, and build financial histories
• Pay bills (but only in small amounts)
• Establish an online footprint (email address, social accounts, etc.)
• Apply to jobs

It’s the diligence and patience that make these more complex. Blatantly stolen identities are relatively easy to detect. One red flag, like suddenly appearing across the country or a personal data mismatch, and the jig is up.

With synthetic identities, however, those mismatches never appear. Victims remain unaware because attackers fabricate the persona from the ground up. It’s so challenging to find, in fact, that fraud losses from this attack hit $35 billion in 2023.

What starts as a fabricated digital persona can quickly escalate when paired with AI; these identities evolve into tools for convincing impersonation and social engineering.

Deepfakes and AI-Driven Social Engineering

Artificial intelligence (AI) threats take these nuances a step further. After creating a convincing profile, AI delivers convincing impersonation attacks via deepfake social engineering, making them dangerously persuasive.

Voice Cloning for Business Email Compromise (BEC)

Imagine this: You get an urgent call from your boss. At least you assume it is your boss because the voice sounds identical. They instruct you to send $100,000 to a specific account to make a late payment to a vendor. In reality, a cybercriminal is behind the voice.

In the past, attackers would craft legitimate-looking emails appearing to be from a trusted sender (email spoofing). Of course, email security tools have improved in spotting the scams.

Fast-forward to today, and attackers scrape voice samples from social media to clone accents and speech patterns. These voice and video impersonation attacks are common in AI-driven phishing campaigns. In 2024, over 105,000 deepfake attacks were reported, resulting in $200 million loss in just Q1.

Video Deepfakes in Remote Work Environments

Video deepfakes take social engineering a step further. With so much adoption of Zoom and other video conferencing tools, every conversation has to be legit, right?

Sadly, no. Deepfake technology can animate a still image (using AI) to make it appear as if someone is speaking live. You might think you’re talking to a work colleague when, in reality, it’s a sophisticated cybercriminal.

Like voice cloning, they’ll use this attack to authorize fraudulent transactions or extract sensitive information.

These aren’t just hypotheticals. Organizations across industries are already experiencing high-profile attacks that show the financial and operational damage of synthetic identities and deepfakes.

Real-World Examples of Synthetic Identity and Deepfake Attacks

The theoretical is now reality. Synthetic identities resulted in over $3.3 billion in lending exposure to individuals who aren’t even real. These false profiles and deepfakes can truly hit victims hard. Here are some high-profile cases:

High-Dollar Financial Fraud Cases

Financial institutions, large and small, have fallen victim to fraud by synthetic identities. Some notable cases include:

• New York Bank scam: Dozens of conspirators used synthetic identities to steal nearly $1 million from multiple New York banks and illegally take COVID relief funds.
• 2017 Georgia bank fraud: An Atlanta, Georgia resident used stolen SSNs to create synthetic identities. He defrauded banks out of $2 million in credit and loans.
• Decade-long Ontario scheme: In 2024, 12 individuals in Ontario, Canada, created over 680 synthetic identities to open fake accounts and credit lines. This scheme resulted in over $4 million in confirmed losses.

Deepfake Impersonation in Corporate Environments

Your everyday employees have also fallen victim. In one wild case in Hong Kong, a finance employee thought he was on a video conference with the CFO and a few other colleagues.

It turns out that every person on that call was a deepfake. They ultimately persuaded him to transfer nearly $25.6 million to fraudulent accounts. What’s crazier is that the team of fraudsters all stole citizen identity cards for data to create synthetic identities. There were 90 loan applications and 54 bank account registrations before the attack.

Another case targeted the CEO of the world’s largest advertising group. Though unsuccessful, scammers created a fake WhatsApp account pretending to be the CEO. They then set up a Microsoft

Teams meeting with the employee and used YouTube video footage to create a voice clone of the executive. The goal: Convince the victims to set up a new business to solicit money and personal information.

With incidents like these already costing millions, the question becomes not if but how organizations can verify identities and detect AI-powered fraud before damage occurs.

Detection and Verification Methods

No one seems safe anymore. The best practice for phishing emails used to be call-and-confirm. But with voice cloning and deepfakes, that doesn’t seem as foolproof.

Proactiveness and layered defenses are the best bet against the AI revolution and sophisticated attackers.

Multi-Layered Identity Verification

Relying on a single data point is obsolete. Companies must layer their controls with mechanisms that cybercriminals can’t deepfake.

Biometric authentication, such as fingerprinting, facial recognition, and eye scans, is nearly impossible to break. Each individual carries unique data, so scammers cannot replicate it.

Users also have unique behavioral patterns. After all, we are creatures of habit. Some log in at specific time windows, only use certain apps or devices, and exhibit online patterns (such as keystrokes, navigation, etc.). Set baselines for “normal” and continuously monitor to spot anomalies that could indicate a threat.

Deepfake Detection Technologies

Fortunately, the security industry became aware of deepfake technology early. Specialized tools can now analyze digital media for signs of manipulation.

Unnatural eye blinking? Probably fake. Inconsistent lighting or weird audio glitches? Another tell-tale. For audio-specific deep fakes, algorithms can also detect the synthetic lack of breath sounds or unnatural cadence.

Human-in-the-Loop Verification Workflows

Consider the human advantage. While people are the biggest liability to security, we can also set controls that technology cannot.

Implement protocols like mandatory callbacks to a verified number for payment approvals. Or dual-authorization requirements, where multiple users must review and approve requests. And if it’s unusual or invoking urgency and secrecy, manually review with your own eyes.

These verification methods are most effective when integrated into a comprehensive security strategy. CyberMaxx’s MDR approach offers unique value in that role.

CyberMaxx’s Role in Protecting Against Emerging Threats

CyberMaxx integrates defense against these nuanced threats directly into our Managed Detection and Response (MDR) service. Rather than wait, we constantly hunt, looking for signs of fabrication.

Integrating Threat Intelligence for Social Engineering

Attackers use new tactics, techniques, and procedures every day. Our intelligence feeds stay agile to anticipate and counter those moves.

Our team continuously monitors the evolving methods of synthetic identity fraud and emerging deepfake tools. Using data from dark web and criminal forums, threat research reports, and Open-Source Intelligence (OSINT) threads, our defenses stay one step ahead.

Proactive Response to Identity and Deepfake Threats

Is there a potential indicator of an impersonation or social engineering attack? No matter how subtle, our team is on the scene.

We’ll correlate identity verification failures, network anomalies, and suspicious communication patterns to uncover coordinated campaigns. With our fast, guided response, our team quickly identifies and removes cyber threats before they can trick employees.

Value for CyberMaxx Clients

Real-time, integrated defense sets CyberMaxx apart. You don’t have time to evaluate countless data sources and determine whether a request is legit or fake.

We integrate deepfake and synthetic identity detection into the core of our MDR service. A single, unified view of threats across endpoints, identities, and cloud environments that prevents threat actors from hiding.

The lesson is clear: threats are advancing fast, but with the right partner, organizations can stay a step ahead.

Staying Ahead of Synthetic Identity Fraud and AI-Powered Threats

Deepfake fraud cases are on the rise. From 2022 to 2023, there was a 1,740% surge in cases across North America. This surge isn’t an emerging threat; it’s already here.

But CyberMaxx is here to defend your trust layer against AI-powered impersonation. With advanced detection and proactive response, you can combat social engineering tactics and stay resilient in the deepfake era.

The post Detecting Deepfakes and Synthetic Identities Before They Breach appeared first on CyberMaxx.

In a landscape where artificial intelligence (AI) is revolutionizing cyber defense, understanding its true role is crucial. This guide aims to clarify how AI can be effectively integrated into cybersecurity strategies and debrief misconceptions that cloud its application.

At CyberMaxx, we define AI for Cyber Defense as:

AI for Cyber Defense is a strategic, data-driven approach that leverages artificial intelligence to enhance threat detection, response, and prevention. its primary aim is to bolster cybersecurity measures by leveraging AI to identify and neutralize threats, reduce response times, and improve overall security posture while ensuring human oversight remains central to the decision-making process.

This four-part series aims to provide organizations with a proper understanding of how to integrate AI effectively into their cybersecurity strategies, ensuring a robust defense against emerging threats.

What’s Included:

• An exploration of AI’s transformative role in modern cyber defense
• Insights into balancing AI with human expertise in threat detection and response
• Strategies for leveraging AI to enhance Managed Detection and Response (MDR) operations

The post AI for Cyber Defense: Committing to a Secure Digital Future appeared first on CyberMaxx.

While there were only two posts this week, they covered a critical topic on everyone’s mind: Artificial intelligence (AI). To make it easy for our valued customers, partners, and other stakeholders, we’ve provided all these excellent insights in one educational blog post.

So, without further ado, here’s a summary of both posts, plus links to access the full LinkedIn article.

AI-Powered Chatbot Cyber-Risks

In a post on July 23rd, I highlighted the increasing popularity of AI chatbots for handling customer inquiries, providing information, and task automation. However, with such prominent technology come cybersecurity risks. Some of these include:

• Data breach and privacy concerns if sensitive information is exposed or a chatbot doesn’t meet privacy regulations
• Increased sophistication of threats through attack automation or more advanced techniques
• Broader attack surface through new tools added to the stack
• Potential for business impact from attacks on chatbots
• Misinformation and data manipulation campaigns
• Legal and compliance risks
• An evolving threat landscape from emerging threats

Then we pivot to potential attack paths that come with AI chatbots. Phishing and social engineering, for instance, could increase through criminals impersonating or reprogramming chatbots. Chatbots also provide another way to distribute malware and DoS attacks. We also can’t overlook how AI tools provide new channels for unauthorized access and exploitation, which will come with nuanced compliance and legal issues.

Check out the full LinkedIn article here.

Mitigation Approaches for AI Chatbots & the Importance of MDR

In my July 24th post, I alluded to my previous post just a day prior (see above). This time, instead of focusing on the risks, I cover mitigation measures for AI chatbots. For example:

• Authentication and authorization mechanisms
• Data encryption
• Access controls
• Regular security audits and pen tests
• User education
• Detection and response tools for anomalies
• Data encryption for secure communications
• Managed detection and response (MDR) services

I then focused on how important MDR is for robust security. Anyone deploying AI chatbots can benefit from MDR for detecting, responding to, and mitigating cyber risks while also checking compliance boxes. Finally, I close by listing out all the ways MDR can help your business securely deploy AI chatbots:

• Integration with current systems and tech stack
• Continuous monitoring
• Threat intelligence and detection
• Incident response and remediation
• Vulnerability management
• Compliance and reporting
• User and entity behavior analytics (UEBA)
• Phishing and social engineering defense
• Log and event management

Check out the full LinkedIn article here

The post This Week’s LinkedIn Roundup From the CyberMaxx CEO: The Focus on AI Risk appeared first on CyberMaxx.

Understanding AI-Driven Cyber Threats

AI plays a crucial role in detecting cyber threats by analyzing vast amounts of data ten times faster than traditional methods. This allows organizations to identify suspicious activity proactively, predict potential attacks, and prioritize threats for a more efficient and effective response. However, technology has a dark side. Criminals are increasingly exploiting it to carry out intricate cyber attacks.

Many business leaders expect AI-driven cyber attacks to evolve even further in 2024 as technology progresses. According to PwC’s 2024 Global Digital Trust Insights report, which surveyed 3,800 business and tech leaders across 71 countries, 52% said they expect generative AI to lead to “catastrophic cyber attacks” in the next 12 months.

Cybercriminals already use AI to carry out advanced phishing attacks, hack IoT devices, and intercept supply chains. Sophisticated AI-powered malware can evolve in real time, making it more difficult for traditional tools to detect threats. Meanwhile, deepfake-based social engineering attacks allow criminals to create realistic photos, videos, and audio clips.

Given that these AI-driven cyber threats are relatively new, many organizations still have significant blind spots in their cybersecurity strategies.

The Anatomy of AI-Driven Attacks

There are several different categories of AI-driven attacks. We outline some of the most prolific types of AI-driven cyber attacks below:

• Deepfakes and misinformation campaigns: This involves sharing fake information, typically for misleading purposes. Malicious actors use advanced technology to create realistic content often indistinguishable from the real thing. Bad actors often use misinformation campaigns for political manipulation by creating fake clips of politicians saying things. They also use them for identity theft by superimposing people’s faces onto other people’s bodies.
• AI-powered malware and ransomware: AI is often used to create more sophisticated malware and ransomware attacks that can evolve in real-time. These tools can also quickly analyze systems to identify vulnerabilities to exploit. AI-powered malware can also search through sensitive data more efficiently. It can quickly extract sensitive data, such as financial information and intellectual property.
• Automated phishing attacks and social engineering: Automated phishing attacks, such as mass email campaigns, continue to be successful. That’s because they require only a small amount of recipients falling for them to be successful. These emails typically contain malicious links and attachments or spoofed identities. AI can also create more sophisticated social engineering attacks designed to trick recipients.

Challenges in Combating AI-Driven Cyber Threats

One of the main problems with AI-driven attacks is how fast and stealthy they are. Cybercriminals can use AI tools to automate different stages of the attack cycle. They also use them to find and exploit vulnerabilities and extract key information quickly.

Cybercriminals can also carry out AI-driven cyber threats at an enormously large scale. Many attackers leverage distributed computing resources to launch coordinated attacks. By targeting multiple victims, they can maximize their impact and reach.

The nature of the attacks means they are typically extremely difficult to detect. Many AI-driven attacks leave few traces of compromise. AI algorithms can learn quickly and easily evade traditional signature-based detection systems. As a result, malware can evade many current security tools, which makes it difficult for organizations to stay ahead.

CyberMaxx and Advanced Cybersecurity Solutions

AI and machine learning are essential for developing proactive defense mechanisms against these threats. These algorithms can quickly identify patterns indicative of potential security issues and respond to threats proactively.

Continuous monitoring and threat intelligence are vital to staying ahead of bad actors. CyberMaxx provides solutions that help organizations combat AI-driven threats. Its managed detection and response (MDR) services offer a comprehensive approach to security. It quickly detects and responds to potential cyber threats by providing round-the-clock monitoring. As soon as the service detects a threat, it can immediately deploy its rapid incident response capabilities to attend to the issue.

CyberMaxx’s Security Information and Event Management (SIEM) systems provide real-time visibility into security events. This aggregates data from multiple streams. Experts can analyze this data to identify anything that deviates from the norm, identify blind spots, and promote proactive threat detection and response.

These features help organizations assess, monitor, and manage cyber risk by assisting them to stamp out most potential AI-driven malware, ransomware, phishing, and social engineering threats. Ultimately, these strategies help reduce the risk of falling victim to costly attacks that can cause lasting reputational damage.

Bolster Your Defenses Against AI-Driven Cyber Threats

Advanced cybersecurity solutions are essential for protecting your organization against the evolving landscape of AI-driven cyber threats. While these threats continue to develop, investing in the right technology can help you outmaneuver attackers

The post Navigating the AI Revolution in Cybersecurity: Emerging Threats and Solutions appeared first on CyberMaxx.

Cybercriminals are increasingly weaponizing generative AI tools to target healthcare systems and sensitive patient data. Generative AI tools can be used to create counterfeit medical records, produce sophisticated phishing emails, create malware, and even manipulate diagnostic imaging results from X-rays and MRIs.

Sophisticated phishing, ransomware attacks, and deep fakes are some of the tactics used to target patients and healthcare professionals. In 2023, the healthcare sector experienced over 1,000 cyberattacks per week in Q1 alone. That’s a 22% increase from the previous year.

The statistics are alarming, but MDR services provide proactive defenses against the evolving cybersecurity threats threatening the healthcare industry.

The Rise of More Targeted Phishing Attacks

Traditional phishing attacks were originally designed to impersonate trusted institutions like banks and medical offices.

The goal was the same – to extract sensitive data using fraudulent links and attachments. However, they still require human effort to send emails, text messages, and social media posts.

AI-assisted phishing attacks use algorithms and natural language processing (NLP) technology to create more sophisticated attacks at scale, with minimal human effort. AI-generated phishing scams also benefit from the ability to analyze patterns in large datasets and adapt accordingly. As consumers and institutions get smarter against cyber threats, so do the algorithms creating them.

MDR Services Countering Advanced Bot Attacks

Traditional bot attacks were designed for specific tasks like scraping data from websites, spamming, and DDoS (denial of service) attacks. They followed a straightforward script and didn’t have adaptive capabilities, so they were easier to detect and mitigate.

But AI-powered bots can increasingly adapt and bypass new security measures.

Even more alarming, AI enables bots to analyze patterns, enabling them to detect and exploit vulnerabilities that were previously unknown within a network. AI algorithms can also automate bot attacks, enabling large-scale, targeted cyberattacks. Bots can wreak havoc on healthcare systems, causing data breaches, service disruptions, hacking medical devices, and spreading misinformation.

Fraudulent bot activity on healthcare platforms, like fake insurance claims and prescriptions, and booking fake appointments is also a concern. AI bot-enabled fraud wastes healthcare resources poses financial risks and legal liabilities, and erodes patient and public trust in healthcare systems.

AI-Assisted Malware: A New Threat Vector

AI-assisted malware is more sophisticated and adaptable than traditional malware attacks. It’s also much better at evading detection and circumventing network security. Where traditional malware attacks were more static and predictable, AI has allowed malware to evolve so that it’s much more difficult to defeat.

Along with data breaches and ransomware attacks, healthcare organizations are also especially vulnerable to supply chain disruptions and compliance issues. Many healthcare organizations rely on third-party vendors and suppliers for various products and services, including medical devices, software, and cloud-based solutions. Supply chain attacks targeting vendors can introduce malware and backdoors and exploit network vulnerabilities. They also compromise the confidentiality, integrity, and availability of patient data and critical systems and services.

Emerging technologies like cloud computing, telemedicine, and Internet of Things (IoT) devices pose additional security challenges for healthcare organizations. Without aggressive security measures and safeguards like MDR services, cyber attackers may access sensitive data and disrupt healthcare services.

Deep Fakes and Data Manipulation in Healthcare

Deepfake tech uses AI and deep learning algorithms to create fake but highly realistic and convincing audio, video, and image files.

The danger deep fake technology poses to the healthcare industry is significant and includes:

• Alter and fabricate medical records and diagnostic imaging tests
• Fake documents and credentials for identity theft and fraud
• Create advanced phishing attacks via fake video and audio files
• Misdiagnosis and treatment disruptions
• Financial losses
• Privacy breaches

To defend against deepfake technology and data manipulation, healthcare organizations need robust cybersecurity measures like MDR services.

Compromising Anonymity: AI and Patient Data Patterns

Algorithms have the ability to analyze enormous data sets and identify patterns from randomized information. Sensitive data like names and social security numbers are usually stripped from randomized datasets, but an algorithm can utilize AI to identify and collect this information.

AI-powered pattern recognition can re-identify sensitive information about individuals from seemingly random data like behavioral traits, health preferences, or socioeconomic status. Along with the potential for identity fraud, this also increases the potential for discrimination and privacy issues.

Privacy breaches and unauthorized data disclosures erode trust in healthcare institutions and undermine confidence in the confidentiality and security of patient data.

CyberMaxx’s MDR Services: A Proactive Approach to AI Cyber Threats

CyberMaxx’s MDR services provide offensive security and managed detection responses to tackle insidious AI threats to healthcare networks and data.

As AI-powered cybersecurity threats become more sophisticated and destructive, CyberMaxx’s managed detection and response services combine the power of technology with human security expertise to offer proactive defenses – before it’s too late.

With patient lives, reputations, and billions of dollars at stake, healthcare institutions can’t afford to wait for nefarious AI cyber threats to strike before taking action.

Ready to take action? Meet with the CyberMaxx team.

The post 5 AI-Assisted Cybersecurity Threats Facing the Healthcare Industry and the Role of MDR Services appeared first on CyberMaxx.

Universal Principles of War

Cyberwarfare as with Conventional warfare is a clash of opposing wills, compounded with multi-variables, referred to as Friction. We consider the boundless landscape of Cyberwarfare, impending obstacles, or random chaos. Friction can be self-induced through lack of clearly defined goals or overly complicated protocols. All of these are amplified with Uncertainty, Fluidity, Disorder, and Complexity as facets of war (Chapter 1, U.S. Marine Corp).

Augmented Intelligence

Artificial Intelligence can aid our cause, respective to the Nature of War, if we pay mind to 2 critical factors, beginning with, Waging war takes a moral, mental, and physical toll on the combatants (Chapter 4, U.S. Marine Corp). Principles of integrity particularly come into play, during incident handling. I recall an episode in my career when encountering the transmission of illicit materials, where the standards of operations restricted notification through the ticketing system to the named client contacts, as appearing in the contract. There were indicators that one of the client practitioners may have been involved in this criminal act. Therefore, sending a ticket to this individual would only reveal the findings and not address the crime. Applying a moral code to our standards of operations, a notification was sent to ‘all’ those identified as client contacts, from which the organization was able to isolate the perpetrator, bringing this person to justice. From this, we acknowledge AI was able to deliver the data, while human morality dictated the response.

The second critical factor is avoidance of the fallacy, Appeal to Authority. Anyone experimenting with AI for Cyber Defense is quick to realize there is a wealth of false positives generated as LLMs bring both foundational and private learnings to response, not often orchestrated and quite often non-correlated. The result is Alert Apathy or Alert Fatigue, which speaks to the mental and physical exhaustion, suffered by security operators, from handling excessive and duplicative false positives. Consequences from exhaustion lead to a tendency to default to a third party for decision-making, at risk of Appealing to Authority.

When VirusTotal launched in 2004 it became the default authority for many MSSPs. However, with cases of rare malware, it becomes a less reliable source. We must consider that we don’t position AI similarly; where it is the guru, the authority, the tiebreaker. As we’ve already learned, AI’s dependency on prior learnings to make future predictions doesn’t account for all conditions. Therefore, we need to evaluate AI for use as augmented intelligence with human oversight, for security investigations, but not the final authority. The test AI must pass is whether we are confident our clients are better protected through its application, and that we don’t subject ourselves to Appeal of Authority, as a fallacy in our decision making.

Balancing AI and Human Ingenuity

Let’s take the MDR workflow of Detect, Investigate Respond. AI we discussed in the form of augmented intelligence suits us well, in the detection and investigation stage. However Human Ingenuity wins when it comes to Response, the Big R. Here’s what I mean – In the Detect stage there is this path of research, development, deployment, tuning, and affirmation. What’s all too common with many MDR providers is the exclusive use of platform response (Little r), where the same exact sequence of research, development, deployment, tuning, and affirmation, occurs…repeatedly in attempts to automate response.

This is the reason we must put our attention on Response as the primary element of Modern MDR, leveraging Human Ingenuity for the scope of compromise evaluation, when conducting threat response. By this approach, we gain the benefit of 3 separate but interconnected human characteristics:

1. Questioning assumptions – The ability to step back and recursively evaluate, particularly for motive, fits squarely in the realm of Human Ingenuity. We are challenging convention (the domain of AI) and seeking alternatives to what’s in front of us.
2. Scope of Compromise Evaluation – This is both a Depth and Breadth exercise, conducted recursively and simultaneously, well suited to Human Ingenuity. Root Cause Analysis (Depth) of the attack and Environmental Spread (Breadth) of the attack.
3. Consequences of Determination – Formulating outcomes of the chosen path, in the long term particularly, is well suited to Human Ingenuity. This includes the ability to balance for aspects of urgency with other responsibilities to the business, such as the ethics of the choices that are made.

One of the best examples of Big R, and the application of Human Ingenuity, is the decision to contain a threat actor to non-critical business systems for observation while evaluating and learning novel techniques over a period. Compare this approach to the AI-driven little-r technique of instant isolation and containment, requiring continual repeats of the incident to establish a behavioral algorithm. I’ll take the former of contain and evaluate, with human observation; over multiple attacks, eventually correlated through machine learning.

Final Words

In Part I of this multi-part series, we introduced the application of AI to the aid of Cyber Defense. With this, we set the stage for the evaluation of AI along an Intelligence Amplification continuum. A structure for prescriptive use, with clear expectations for results, as a complement to human ingenuity.

With Part II we presented the importance of Context, Content, and Correlation moving past the legacy Black-Box of MSSPs and pseudo-MDR providers where superficial speed-to-detect is the standard. Instead, we champion Modern MDR with a Contextual understanding of the attack, federated Content, (beyond what is being ingested as client security-control telemetry) and Correlation of all Telemetry with federated-threat-intelligence, as blended Content, is the surest means of Cyber Defense.

Take-Away: Establish a Modern MDR Strategy, where Offense Fuels Defense by utilizing Federated Threat Intelligence and content, supplemental to the telemetry provided by your security controls. This approach will fulfill the 3 C’s of Context, Content and Correlation

For Part III we came to appreciate that conventional MSSP analysis; typical to pseudo-MDR providers, creates conformity bias either by groupthink or application of LLMs with historical learning by historical MSSP incident handling. The result is convention can restrict those searching for a Modern MDR solution, which emphasizes Response as primary.

Take Away: Many of today’s MDR providers are operating by convention, in an echo chamber, with AI bringing the addition of a Confirmation Bias to the pre-established Conformity Bias of the LLM. Apply Critical Thinking, avoiding the pitfalls of bias during incident investigation.

Here, in Part IV we emphasize the role of Human Ingenuity in conjunction with Artificial Intelligence, sharing the complementary aspects of both while reducing the limitations of each.

Take Away: Human Ingenuity wins when it comes to Response (Big R), as the new standard for Modern MDR operations. Shifting the Detect Black Box of legacy MSSPs to the response (little-r) Black Box of platform-tuned isolation and containment foregoes Human Oversight and requires duplication in research, development, deployment, tuning, and affirmation. Skill up and seek out those who apply Human Ingenuity to threat research, response, and hunting.

CyberMaxx’s Position on the Use of Artificial Intelligence

Lastly, we conclude our series as we began, stating CyberMaxx’s position on the use of Artificial Intelligence begins with consideration for its benefits in protecting the estate of our clients and ends when no longer capable in serving this purpose. Said differently, CyberMaxx is not in pursuit of AI as a technology for pure novelty. It must serve the common purpose of shielding our clients from cyber threats, to which we are jointly committed. With this, we share our CyberMaxx statement on the application of AI.

CyberMaxx will apply Artificial Intelligence for Cyber Defense for the exclusive purpose of fulfilling our mission, of protecting clients’ business assets and guarding against those committed to wide-scale societal disruption through cyberattacks.

Works Cited

U.S. Marine Corps, “Warfighting, MCDP1”, 1989, https://www.marines.mil/Portals/1/Publications/MCDP%201%20Warfighting.pdf

The post AI for Cyber Defense: Part IV – Human Ingenuity for Modern MDR Operations appeared first on CyberMaxx.

They’ll discuss what they are seeing and what’s keeping them up at night, the current threat landscape, and how things are evolving in 2024 and beyond.

Meet The Speakers

Aaron Shaha, CISO

CyberMaxx

Strategic Information Security Executive and subject matter expert with a record of pioneering cyber security trends by developing novel security tools and techniques that align with corporate objectives. Known for building and leading strong teams that provide technology enabled business solutions for start-ups, industry leaders (Deloitte and its Fortune clients) and government agencies (NSA). Skilled at developing information security strategies and standards, leading threat detection and incident response teams to mitigate risk and communicating effectively across all levels of an organization.

John Caruthers, Exec VP & Chief Information Security Officer

Triden Group

EVP – CISO at Triden Group and the Founder of his own company. John is passionate about helping businesses protect their data, reputation, and customers from cyber threats, and creating innovative solutions that align with their goals and initiatives.

Jarod Thompson, Director of Customer Engineering

CyberMaxx

Experienced Senior Solutions Engineer with a demonstrated history of working in the computer and network security industry.

The post What’s Keeping These CISOs Awake at Night? A Fireside Chat appeared first on CyberMaxx.

From the perspective of security leaders, we will explore the promises AI has made and the reality it has delivered. Through real-world scenarios and practical examples, we’ll examine how security teams are poised to leverage the power of AI across the spectrum of threat detection and incident response.

This 20-minute on-demand webinar is an insightful conversation between two industry experts, Stephen Morrow, Vice President of Solution Engineering at Devo, and Gary Monti, Senior Vice President of Operations Defensive Security at CyberMaxx.

During this 20 minute webinar, you’ll gain insights into:

• The benefits and limitations of AI in Security Operations
• A view into the potential of today’s technology to security challenges
• Understanding the importance of combining human ingenuity with AI to effectively combat cyber threats

As a teaser, here are a few of the questions Gary and Stephen will be discussing:

1. What are some examples of how you have used AI in your Security Operations Center?
2. 96% of security professionals are not fully satisfied with their automation’s use of automation in the SOC. Reasons for this include – limited scalability and flexibility of the available solutions, costs of implementation and maintenance, and a lack of expertise and resources to manage the solution. What are some ways that you and your team have tried or are trying to overcome these challenges?
3. A growing concern in the industry is the usage of unauthorized AI. In a survey conducted by Wakefield Research on behalf of Devo, 96% of IT security professionals admit to someone at their organization using AI tools not provided by their company. How can management help to combat this issue?
4. How do you balance the use of AI as well as human ingenuity in your operations?

The post Decoding AI in Security Operations​: Realities, Challenges, and Solutions appeared first on CyberMaxx.

At the same time, there is a growing opportunity for organizations to use AI defensively to fend off these attacks. AI-driven tools can efficiently analyze data to find patterns and quickly detect and contain potential threats.

This article explores how to use AI tools in both offensive and defensive capacities.

Using AI to Create Personalized Spear Phishing Emails

In Q3 of 2023, an interesting new cybersecurity trend emerged: The number of phishing attacks dropped to levels seen in 2021, following a 37.5% reduction in the number of phishing attacks seen in Q1 of 2023, according to the Anti-Phishing Working Group’s Phishing Activity Trends Report, 3rd Quarter 2023. This data suggests that spear phishing is evolving and that attackers are finding new and innovative ways to exploit AI to craft phishing emails.

The Evolution of Spear Phishing

For many years, attackers carried out phishing campaigns by sending out large volumes of generic emails to many recipients. While most of these attempts failed, it quickly became apparent that only a small number of attempts needed to be successful to consider the attack a success.

The development and widespread availability of AI tools have allowed spear phishing to evolve and become much more sophisticated. Attackers are using these tools to analyze vast amounts of data. They use this analysis to craft personalized emails that can be specifically tailored to recipients, mimicking genuine communications.

Technological Arms Race

As AI technology advances, even the simplest phishing attacks are becoming harder to detect in some cases. Widely available AI tools such as large language models (LLMs) can consume real-time information from websites and social media accounts at a large scale to understand social nuances and generate convincing messages in a matter of seconds.

This allows attackers to create sophisticated, personalized spear phishing emails with real-time context. These emails are based on recent conversations or interactions the victim has had. Due to their accuracy, these attacks tend to have a much higher success rate than human-generated phishing attacks.

Linguistic Analysis as a Countermeasure

AI technology can generate highly targeted phishing attacks and identify potential phishing attempts by carefully analyzing sentence structure and language usage.

Using linguistic analysis to identify messages that AI wrote can help us to identify potential attackers more effectively. For instance, if we receive a message from a close friend or family member that we would not expect to be written by AI, having this message flagged by a linguistic analysis tool can raise suspicions and make us more cautious.

While there is a risk that the tool may be flagging the message incorrectly, it will provide us with an invaluable opportunity to pause and reconsider before engaging further and acting in a way that could be potentially compromising.

Large Language Models (LLMs) as a Threat

Using LLMs helps attackers overcome language barriers in phishing, enabling them to launch attacks more effectively and target a broader audience.

Breaking Language Barriers

LLMs give attackers the ability to create more targeted messages. These messages may mimic the language and communication styles of the person or organization they are trying to impersonate. The vast amount of data that LLMs are trained on allows them to incorporate information like personal details, slang, or technical jargon found on someone’s social media profiles. This personalization can make the emails appear more genuine and trustworthy. LLMs could also be tailored to target different audiences according to traits such as cultural background, occupation, and age, which makes them even more difficult to detect.

Global Implications

These advanced phishing techniques mean attackers can target anyone from anywhere in the world. Many LLMs are multilingual and can be used to create phishing attempts in multiple languages quickly. This means attackers can use them to simultaneously send highly targeted attacks to multiple organizations across the globe.

Large Language Models as a Defense

While cybercriminals can employ AI to launch personalized spear phishing attacks, it can also be used to detect potential spear phishing attempts.

Innovating Beyond IP Addresses

Cybersecurity solutions for phishing detection typically check IP addresses and other information, such as Domain Keys Identified Mail (DKIM), to identify and block potential threats based on reputation. They also include URL scanning capabilities, which check URLs against databases of known malicious sites to detect potential phishing attempts, and attachment scanning capabilities, which flag attachments with suspicious or malicious characteristics. We train users to look for unusual word choices, weird punctuation or capitalization, and awkward sentence structures.

The development of AI tools presents an opportunity to innovate beyond these traditional cybersecurity measures, which rely on identifying existing threats. Instead of just checking the sender’s IP address, mail server records, and URLs against lists of known threats, there is the potential for new tools that use AI to analyze the content of emails, along with the sender’s behavior, to identify new and unseen threats.

It also presents an opportunity to identify video and audio hacking threats. For instance, analyzing speech patterns and audio streams can identify audio malware, unauthorized audio surveillance, and voice phishing attacks. Furthermore, organizations use AI to analyze files and find patterns in network traffic. Once the technology has established baseline behavior and patterns, it can quickly detect deviations and anomalous activities that could be indicative of security breaches.

The Mechanics of Detection: Using AI-Powered Tools

We propose the development of a new AI-powered linguistic analysis tool that would be able to identify potential adversaries based on their language structure and grammar. For instance, if a colleague or family sent an email that appeared to have been generated by AI, the tool would flag this as suspicious.

While this tool is not yet widely available, some existing tools offer similar functionality. For instance, AI content detection tools allow people to check whether blocks of text may have been AI-generated. Furthermore, AI-powered link analysis tools use deep learning to detect unseen malevolent web pages. This is significantly more effective than traditional web classification approaches, which cannot detect and classify new malicious URLs and instead rely on known lists.

Additionally, the knowledge that an attacker is scraping your personal communications or public posts could be a powerful piece of detection tradecraft.

Navigating False Positives: Challenges and Opportunities

Using AI to detect potential cyberattacks also introduces a new set of challenges and limitations. There is a risk that organizations or individuals may become overly reliant on the technology, which could produce false positives and false negatives. This might impact legitimate communication like AI-generated news summaries or marketing campaigns. Given that these systems may have access to sensitive personal data, organizations may also need to take additional steps to ensure compliance with data protection regulations.

False positives, in which an AI tool incorrectly identifies benign behavior as malicious, are also likely to be an issue. This can lead to wasted time and resources and a loss of confidence in the tool’s effectiveness. Organizations can implement strategies to mitigate this. Feedback mechanisms, in which security analysis corrects misclassifications when they occur, can help the model learn from its mistakes to refine its performance over time. Using historical data to provide additional contextual information about typical user behavior can also help the tools to make more informed judgments.

You can expect false positives at the beginning of the process. Through continuous monitoring and performance evaluation, organizations can learn to address these false positives proactively and with increasing effectiveness to minimize this issue over time.

Explainable AI (XAI) can help users understand the purpose and decision-making process behind these tools explicitly. It does this by providing digestible explanations for complex models, which increases transparency and significantly improves human-machine collaboration.
This knowledge-sharing empowers humans to oversee operations and intervene effectively where necessary. It helps to quickly identify suspicious activity and potential misclassifications so organizations can swiftly act. That’s essential when detecting and defending against cyber threats.

The Growing Importance of AI in Cybersecurity

AI is automating spear phishing, making it easier for attackers to launch large-scale campaigns with personalized emails. AI programs such as LLMs are helping them to overcome language barriers so they can launch attacks more effectively and target a global audience.

Collaboration, continuous research, and the development of advanced AI tools that are easy to understand and use have become essential when safeguarding against evolving cyber threats. To successfully innovate and stay ahead of attackers, cybersecurity professionals must learn how to leverage these tools most effectively.

Co-authored by Mike George, CTO and Co-founder of CybrlQ Solutions.

The post Using AI Tools to Defend Against AI-Generated Spear Phishing appeared first on CyberMaxx.

In contemporary warfare a cyber-attack is the first strike of offensive operations. On January 13, 2022, the government of the Ukraine experienced wide-scale defacement of its public websites (UK Government). This attack was later identified as a reconnaissance mission, soon to be followed by a massive campaign on February 24, 2022 – approximately 2hrs before the Russian military crossed into the Ukraine (1). Denial of Service and Wiper attacks, intended to eliminate access, and destroy critical data, were launched against Ukrainian government and commercial agencies, disrupting satellite communications, restricting access to financial institutions, and disabling public communications.

We must consider where AI could have aided in defense of this cyber-frontal assault.

Doing so requires we evaluate for Large Language Modules (LLMs) inherent to advanced AI systems, which by their nature are designed to produce logical responses when queried. LLMs consume massive data sets (think petabytes), for their training, primarily sourced within the public domain in the form of books, articles and websites. Therein lies the challenge, where AI, (particularly generative AI), attempts to provide precise response to modern-day queries, utilizing historical data. In our 3c Model, Correlation is risked by the potential for bias, whether societal or cognitive (Echterhoff, J., Liu Y., et al). For purposes of our discussion, Conformity Bias is the greatest inhibitor to establishing a defensive posture in cybersecurity, utilizing AI.

As we discussed in Part II, many of today’s MDR providers, have their roots in Threat Detection Operations (TDO). They function as established MSSPs leveraging proprietary platforms, creating an MDR Black Box from their TDO Black Box legacy. Solely through inclusion of endpoint telemetry they rebrand as MDR. All the while, the operating standards are based on MSSP workflows. Alert investigations follow a conventional MSSP path of:

(1) signature and profile mapping to identify the alert

(2) historical records search for the identified alert

(3) evaluation of prior incident handling procedures

(4) third-party validation (Ex then: VirusTotal, Ex now: AI)

These 4 steps of incident handling are the legacy of MSSPs, ultimately influencing many MDR providers in determining the likelihood of a cyber-threat. The fatal flaw is we exclude broader context of the alert, as it is evaluated in isolation. We restrict the second of our 3c Model, Context. Years of conventional MSSP analysis creates a conformity bias in Step3 (evaluate for prior incident handling). The Incident Handler will examine for what someone did before them and be inclined to take the same steps. Even with Step4, as augmented through AI, the attributes of bias within the LLMs will lean toward conventional MSSP event handling, producing the same results. Take Away: Many of today’s MDR providers are operating by convention, in an echo chamber, with AI bringing the addition of a Confirmation Bias to the pre-established Conformity Bias of the LLM.

Modern MDR breaks us out of the Black Box, and reduces the influence of bias, in the investigation of cyber threats.

With the final part to our series, we will explore the application of human ingenuity to Modern MDR operations as we fulfill on our mission to Think Like an Adversary and Defend Like a Guardian. In preparation, I invite you to obtain a copy of the U.S Marine Corps manual, MCDP1, titled Warfighting (U.S. Marine Corp). You will want to read Chapter 1, The Nature of War and Chapter 4, the Conduct of War. The manual is available at no cost, through the PDF linked in the ‘Works Cited’ Section. Until next time, as Cyber Defenders, we move Forward with Courage.

In the final part of the series, we will explore the application of human ingenuity to Modern MDR operations as we fulfill on our mission to Think Like an Adversary and Defend Like a Guardian.

Works Cited

UK Government, “Press Release: Russia behind cyber attack with Europe-wide impact an hour before Ukraine Invasion”, 10 May, 2022, https://www.gov.uk/government/news/russia-behind-cyber-attack-with-europe-wide-impact-an-hour-before-ukraine-invasion

Echterhoff, Jessica, Liu, Yao, Alessa, Abeer, McAuley, Julian, Zexue He, “Cognitive Bias in High-Stakes Decision-Making with LLMs”, 25 February, 2024, https://arxiv.org/pdf/2403.00811.pdf

U.S. Marine Corps, “Warfighting, MCDP1”, 1989, https://www.marines.mil/Portals/1/Publications/MCDP%201%20Warfighting.pdf

The post AI for Cyber Defense: Part III – Think Like An Adversary, Defend Like A Guardian appeared first on CyberMaxx.