Thanksgiving Cyber Threats and AI Risks

Key Points

  • The hosts emphasize that while AI is often celebrated, it can also pose serious security threats, reminding listeners that “AI is not always our friend.”
  • The Thanksgiving‑themed panel expresses gratitude for reduced major incidents, increased collaboration among enterprises, and the fact that security is finally being prioritized in the AI-driven technology wave.
  • Upcoming episode topics include IBM X‑Force’s new public GitHub repository, a dark‑web job‑market trends report, an AI‑powered fraud campaign, and a case of someone attempting to convert wind turbines into cryptocurrency mines.
  • The show warns listeners that the holiday shopping season, starting with Black Friday, also brings a surge in scams, setting the tone for the episode’s security‑focused discussions.

**Source:** [https://www.youtube.com/watch?v=x1yRb5_PVro](https://www.youtube.com/watch?v=x1yRb5_PVro)
**Duration:** 00:39:52

## Sections

- [00:00:00](https://www.youtube.com/watch?v=x1yRb5_PVro&t=0s) **Thanksgiving Reflections on Cyber Threats** - The IBM Security Intelligence podcast opens with a caution about AI, a Thanksgiving theme, and a panel of security experts sharing what they’re grateful for—acknowledging recent incidents like SolarWinds and Colonial Pipeline while noting an increasing collaborative effort across enterprises.
- [00:03:09](https://www.youtube.com/watch?v=x1yRb5_PVro&t=189s) **Black Friday Scams Target Brands** - The speakers explain how Black Friday‑time phishing domains threaten corporate brands and outline the need for security teams to partner with marketing to vet malicious domains and protect enterprise reputations.
- [00:06:15](https://www.youtube.com/watch?v=x1yRb5_PVro&t=375s) **AI‑Enabled Domain Threat Landscape** - The speaker explains that while organizations have boosted monitoring, AI‑driven attacks such as domain hijacking, fraudulent checkout sites, and automated scamming agents now amplify the security burden, forcing enterprises to protect customers and coordinate takedowns with hosting providers.
- [00:09:57](https://www.youtube.com/watch?v=x1yRb5_PVro&t=597s) **Layered Payment Protection & Work Device Advice** - The speaker stresses using multiple fraud‑prevention tools such as tap‑to‑pay, Apple/Google Pay, and PayPal, avoiding holiday shopping on work devices, and highlights the increasing burden on security teams to manage rapidly evolving threats.
- [00:14:52](https://www.youtube.com/watch?v=x1yRb5_PVro&t=892s) **Advocating Open‑Source Security Transparency** - The speaker argues that security work should be done openly in the light rather than hidden, emphasizing collaborative benefits while acknowledging the inherent risks of open‑sourcing.
- [00:18:45](https://www.youtube.com/watch?v=x1yRb5_PVro&t=1125s) **AI Tools, Trust, and Dark Web Jobs** - The speakers discuss AI and open‑source software as neutral tools whose impact depends on user intent and safeguards, emphasize speed over secrecy in defending against AI‑enhanced threats, and then highlight Kaspersky’s findings that the dark‑web job market mirrors legitimate hiring practices, becoming more selective and expanding during broader economic layoffs.
- [00:21:52](https://www.youtube.com/watch?v=x1yRb5_PVro&t=1312s) **Economic Pressure Fuels Moral Flexibility** - The speaker contends that financial desperation and harsh work environments cause otherwise decent individuals to compromise their morals, highlighting the need for governments and corporations to mitigate such pressures.
- [00:25:31](https://www.youtube.com/watch?v=x1yRb5_PVro&t=1531s) **AI Fraud as Critical Infrastructure Challenge** - The speaker highlights AI‑driven fraud as an expected growing pain, stressing the need for governance, policy, and infrastructure‑level safeguards against human‑exploited AI vulnerabilities.
- [00:29:26](https://www.youtube.com/watch?v=x1yRb5_PVro&t=1766s) **Prioritizing Speed Over AI Safety** - A speaker argues for launching AI products quickly to meet market and financial pressures, dismissing essential safeguards, testing, and non‑functional requirements.
- [00:33:49](https://www.youtube.com/watch?v=x1yRb5_PVro&t=2029s) **Misusing Corporate Resources for Bitcoin** - The speakers discuss employees exploiting company assets—like green energy systems and laptops—to mine Bitcoin, highlighting the need for better anomaly detection and heightened vigilance against insider threats.
- [00:36:55](https://www.youtube.com/watch?v=x1yRb5_PVro&t=2215s) **AI Meets Operational Technology Threats** - The speakers explore how modernizing smart grids and AI intersect with legacy operational technology (OT), highlighting emerging security risks like energy theft and the need for increased compute power.

## Full Transcript
0:00I'm going to say everybody's two favorite letters here, which 0:03it you know I'm a huge fan and an early 0:07adopter of AI, but I am going to say that 0:10this is one of those times when AI is not 0:12our friends. All that and more on Security Intelligence. Hello 0:19and welcome to Security Intelligence, IBM's weekly cyber security podcast 0:24where we express our undying gratitude for the many tools, 0:28tactics and people who keep us safe. Safe from ransomware, 0:31shakedowns, rogue AI agents and sundry other maladies. I'm your 0:36host, Matt Kaczynski. It's Thanksgiving time here in the US 0:40and I am thankful for this wonderful panel in front 0:43of me today featuring Suja Viswasen, VP Security Products, Dave 0:47McGinness, Global Partner, Cyber Threat Management Offering Group, and Nick 0:51Bradley of X Force Incident Command and the not the 0:54Situation Room podcast. And to start us off, I wanted 0:58to ask you all what you are thankful for in 1:00cyber security world. Or maybe not cybersecurity. Maybe you don't 1:03feel very thankful about that stuff right now. Nick, let's 1:06start with you. What are you thankful for? I'm thankful 1:08that we did not have another Solar Winds, Move it 1:11or Colonial Pipeline level event. I mean we had some, 1:14we had some bang up outages. I mean aws, East 1:17One and Cloudflare sure tried to take some trophies there. 1:21But I'm going to knock on wood and leave it 1:23at that. I like that. Sujay, how about you? I'm 1:26really thankful that many enterprises are coming together to fight 1:30this. Right? It's not a competition anymore. It's like cooptation, 1:35everybody coming together to fight. So I'm really grateful that 1:37companies are coming together. I like that too. I think 1:40we'll need more of that. Dave, how about you? I'm 1:42just thrilled and thankful that security is not being left 1:46behind in this latest technology revolution. So we're always the 1:50last dog at the trough. 
So it's good to know 1:54that, you know, AI is changing the world and security's 1:58being spoken about, which is great. But I will echo 2:01with Nick because usually it's the Internet emergencies where Nick 2:03and I spend most of our time together. So tis 2:06the season. So yeah, I'm with you on that one 2:09too, Nick. That's great. I feel like we just jinxed 2:12ourselves and we're going to get off this call and 2:13there's some kind of terrible incident, but we can wait 2:16until that happens. Dave and I have been meaning to 2:18hang out again for a while, so I guess it's 2:20time. You know, Silver I like that. The silver lining. 2:24You're always such an optimist on the show, Nick. Here's 2:26what we're talking about today though. We got IBM X 2:29Force's new public GitHub repository, a dark web job market 2:33trends report factory catches, an AI powered fraud campaign, and 2:38a man who tried to turn wind turbines into crypto 2:40mines. But first, it is holiday scam season. Now, as 2:49everybody knows, Black Friday marks the unofficial start of everyone, 2:52someone's least favorite holiday tradition. And I'm not talking about 2:56waking up early for those doorbuster deals. Although on side 2:59note, I don't know that anybody does that anymore. And 3:01I might just be aging myself, but I'm talking about 3:04scam season. Around the holidays, scam incidents tend to skyrocket. 3:09Often impersonating real retailers, scammers will set up fake websites, 3:14fake ads, fake promotional texts and emails, all to steal 3:18people's money or personal data. Now, according to a report 3:21from Checkpoint, hundreds of new Black Friday related domains have 3:25been registered in October and November. And an estimated 1 3:29out of every 11 of those domains is malicious, which 3:32has a decent number. Now, a lot of coverage of 3:36these scams looks at how they affect everyday people, which 3:38makes sense. But you know, we at IBM, we deal 3:41a lot with enterprise security. 
And so I wanted to 3:43talk about it from that angle. How do these scams 3:46affect organizations? What do they do to the enterprise? Suja, 3:50let's start with you. How does the holiday scam season 3:52affect us here in corporate world? Two things, right? One, 3:55it has changed. It becomes a threat to the brand. 3:58Right? First of all, it's threat to a business, but 4:01it's also threat to a brand because from the user 4:03perspective we have learned that just educating the user is 4:07not enough. So every company has a brand to protect. 4:10So from IBM perspective, how do we help our enterprise 4:13so that their brand is protected? So educating the enterprises 4:17to work closely with that marketing. Now security needs to 4:20work with marketing and branding to make sure that if 4:23there is an anomaly, they are able to catch it 4:25ahead of. The second one I would say is when 4:28a bunch of domain get created closer to these, we 4:31should be like vetting them much more closely as part 4:35of our security wedding than anything else. Yeah, I like 4:38that you mentioned security and marketing and branding should kind 4:40of work together because I think that we don't necessarily 4:43think of that as being a common pairing, but especially 4:45at this time of year, you're going to need to 4:47do that kind of thing, right? Because that Checkpoint report 4:50also found that when it comes to those malicious domains, 4:53a lot of them are masquerading as like real places, 5:02everybody's two favorite letters here, which, you know, I'm a 5:06huge fan and an early adopter of AI, But I 5:10am going to say that this is one of those 5:12times when AI is not our friends because AI has 5:16made it so easy for them to set up these 5:19mimic domains like that. And it's not like it used 5:23to be where it looks hokey or quirky and you 5:26could tell this does not look like the Home Depot 5:28normal website. No, it looks exactly like it because AI 5:32created it for them. 
So it's gotten more dangerous. I'm 5:35going to add one thing to what Nick said is 5:39thinking about on one side, AI is making it easy. 5:42AI is making it difficult for the consumers too, if 5:45you're a bot. Because we are telling everybody that you 5:47need to get on board with AI. If you're having 5:49an AI bot created to go buy stuff for you, 5:53it can get spoofed by these AI websites too, and 5:56then give your information without you realizing it. So it 5:59is a big problem. The enterprise trying to just sell 6:03their wares, right? So they've already got, they've made all 6:06of their changes. They're in their change freeze. It's their 6:09biggest time of the year. They're not getting people trampled 6:12anymore. They're getting trampled online. To your point there, Matt. 6:15Right. So you know, they've already increased their monitoring of 6:18their environments and their applications. Now they have to worry 6:22about their domains being stolen. Right? And it looking really 6:26good to, to the points you guys have just made. 6:28They got to watch their, their checkouts and their secure 6:31payments. They got to educate to your point, Suja, not 6:34just their employees. They got to worry about their, their 6:37customers, their clients. Right. And then how do you fix 6:41it? Are you going to go to your hosting providers 6:43and take down the sites? Like what, what are you 6:45going to do to take care of those sorts of 6:47things? So yeah, I mean the burden that's now on, 6:51you know, you know, on them is just. It's skyrocketed. 6:55Yeah, it's, it's, it's like you folks are reading my 6:57mind because you all just systematically answered all the questions 7:00I was about to raise about this stuff. 
But I 7:03want to go back to something that Suja had mentioned 7:05real quick, which was how it's not just the way 7:08that the AI can be used by the kind of 7:10attackers to spin up these websites, but it's also, like 7:12you said, rendering a world where people are kind of, 7:14they're starting to set up their own agents and they 7:16go and they buy stuff for you and that stuff 7:18can get scammed. I was kind of hoping you would 7:20expand on that angle just a little bit more for 7:23us. You know, how, how is this kind of complicating 7:26the terrain for, for enterprises right now? I think the 7:30one thing is you can create, like you said, you 7:31can create an agent to go say find me the 7:33best deal in the Internet for, for me to go. 7:36And for an agent, it doesn't know if it's a 7:38legitimate or not because as a user, if I, if 7:41my prompt is not engineered correctly, I might be misleading 7:45this agent to go do stupid things. Right? Which I 7:48might not have done by myself, which I'm capable of 7:50doing it, but less capable now I'm enabling my agent 7:53to be more stupid. These are all. So the biggest 7:57thing for me is the payment systems. The transaction processing 8:01need to get more intelligent to avoid this because like 8:05I said, we are going to do stupid things inadvertently. 8:08How do we stop from happening is the payment system 8:11has to become very, very intelligent to know that it's 8:15doing something. So it's not just the enterprises and brand. 8:18Even our transaction processing needs to become more intelligent and 8:21be fraud resistan. Absolutely. And it goes back to what 8:24you were saying earlier about how we need this increased 8:27kind of collaboration. I mean, we're talking about so many 8:29different players here. Nick, I saw you starting to say 8:32something. You want to jump in here? 
One of the 8:33things that I think a little bit differently on now 8:36than I used to because I used to really be 8:39a non supporter of all of the cybersecurity education courses 8:43that we've all been forced to go through that we 8:46just want to click through it so that we can 8:47get the certificate so our manager can stop telling us 8:49to get it done. But this is one of those 8:52cases where user education is actually still a little bit 8:56important and that's just because the landscape has changed. There's 9:00so many things that people need to understand and the 9:02basic one first is don't do your holiday shopping on 9:05your work laptop. I know it's tempting and it's easy, 9:08but let's just take that out of the equation. You 9:10already have a phone, just use your phone. So part 9:13two to that now is obfuscation, right? There's new levels 9:16of obfuscation that people aren't used to. Or that they 9:19just might not even realize is a bad thing. The 9:22little URL shorteners, those things are just traps waiting to 9:26happen. And then you also have your own safety. You 9:29can take measures to be safe yourself, right? If you 9:31usually shop on Amazon or you usually shop and I 9:35mentioned them again before, maybe, maybe they'll sponsor me. I 9:37don't know. Home Depot. But go to the site that 9:41you're used to going to, right? Don't go through an 9:45email that, wow, Home Depot never emails me. But this 9:48time they sent me an email with a cute little 9:50shortened URL to take me to this special offer. Sure 9:53they did. Go ahead. That's gonna work out well. Don't 9:56do that. Just like you do with your bank, right? 10:03And then lastly, I'll throw. On top of that is 10:06just protecting yourself through more than one level of fraud 10:08protection, right? Using Tap to pay at the grocery stores. 10:12The stores like that are safer. 
Using a Google Pay 10:15or an Apple Pay, when you're buying something online, something 10:19that gives you one extra level or even PayPal, right? 10:21I know that's old school, I'm aging myself now, but 10:26those things give you an extra level of protection other 10:29than just using your debit card and just getting completely 10:31ripped off, right? So just other ways that you can 10:35protect yourself. There's. I say this all the time, there's 10:39no silver bullet, but in this case, these are some 10:42things that could help. Maybe it's a ten bullet, I 10:44don't know. Almost as effective. I do like though, that 10:48you point out something that's so extremely simple, but it's 10:50like one of the most important things you can do 10:52is don't do your holiday shopping on any of your 10:54work devices, man. Just don't do it. Never do that. 10:58And if you don't do that, you're not gonna be 10:59the one who gets your company breached. It's gonna be 11:03someone else and you don't have to worry about it 11:04that much. But to round out the segment though, I 11:08wanted to go back to something that you had said 11:09earlier, Dave, which is how the burden now is so 11:12much higher on kind of security teams to deal with 11:15this stuff as it comes faster and it comes at 11:17greater scale and it maybe is more convincing. Do you 11:20have any thoughts on how they deal with that burden? 11:23I mean, I mean, how do you respond to this 11:24landscape when scamming is so fast? And so easy. It 11:28just feels like the answer to everything these days is 11:30AI, and you have to fight AI with AI, but 11:33you're not going to solve it with people. I mean, 11:35it's, it's, it's. I mean, yeah, sarcasm, but it is 11:39the answer. It's. If you can, if you can't generate 11:42it with humans, you're not going to be able to 11:44fight it with humans. Right? And you're not. This isn't 11:46being generated with humans. Right. 
So if there's a zillion 11:49permutations, you need something that can handle a zillion permutations 11:52and suss through it. You know, it's going to have 12:00But then I think, you know, the point that Sudra 12:03made just a moment ago around, you know, some of 12:06the responsibility, going back to the payer systems, right. If 12:11they're not allowed to process the transaction, I really don't 12:14care that it's a fake Home Depot site and I 12:17want Nick to get sponsored really bad. So I don't 12:20know why, but I mean, if the transaction can't go 12:24through because the payer system has decided, hey, you know 12:28what, that's a fraudulent site and we've taken it offline 12:31that there's more due diligence or whatever that entails. Maybe 12:38the first couple get through and then, hey, flagged. And 12:41I know that that's what happens, but maybe there's some 12:43there that could be sped up or something along those 12:46lines, so. And maybe I could help that too. I'm 12:49sure they're working on it. I wish we go to 12:50this place where something is too good to be true. 12:53It's probably not true. Thank you. I'm glad somebody said 12:56it. I was trying to avoid saying that because I 12:58think I said that like five times in a row 13:00on my podcast. I'm like, don't say it again. You 13:06know, I mean, we've said this so many times on 13:08the show. So much of cybersecurity is just teaching people 13:10basic, like human common sense kind of lessons, you know, 13:13about certain things. And I also just. Wonderful tagline. If 13:17it wasn't generated by humans, you can't fight it with 13:19humans. That's great. I mean, Dave, if you ever want 13:21a second career in copywriting, you got the chance. Yeah, 13:24you need to copyright that for somebody else. But I 13:25don't know about that. Let's move on then to our 13:29next story. X Force introduces a public GitHub repository for 13:35malware threat research tools. 
The new GitHub is intended to 13:43host every project the X Force thread research team contributes 13:46to or creates for public use. It's currently home to 13:50X Force's fork of dragotis, a framework for a universal 13:54dissembler script that helps reverse malware code so researchers can 13:57analyze it. X Force's fork of NSIS reversing suite, a 14:02Python library for analyzing the null soft scriptable installer system 14:06installers often used by malware. The Goo Loader Dumper. I 14:10don't know if I said that right, but the Goo 14:12Loader Dumper, a tool developed by X Force to dump 14:15Goo Loader payloads and dotnet utils, an X Force created 14:19library for parsing, emulating and patching.net executables. Now, again, this 14:24goes back to something that Suja mentioned all the way 14:26up top, talking about the more collaborative kind of landscape 14:28in threat intelligence. And this seems like an extremely collaborative 14:31move to me. Open sourcing these tools, putting them out 14:34there for other security professionals to use. So, Dave, I 14:37want to start with your reaction here. How do you 14:38feel about this kind of open source collaborative approach to 14:41security that we're seeing? I think the good here outweighs 14:44the bad. And look, I know that we can fall 14:47on. There's good, there's bad. I like the open collaborative. 14:52I think security should be done out in sunshine. Right. 14:56I think the dark corners, right. I mean, I've been 14:59doing this a long time. It doesn't help to hide 15:02stuff. You know, we all win together. And if I've 15:06got something good. It doesn't. It does. No, it does 15:11no benefit that I keep it to myself. Right? So 15:15I'm all for this. I think this, I think the, 15:17the benefits here, you know, just far outweigh. I hopefully 15:22others line up behind us and go, you know what, 15:26it's about time, right? I really do think this is 15:28the right thing to do, so. Absolutely, absolutely. 
You just 15:32learned to work in the dark. I was born. So 15:38this. Was that a, Was that a Bane reference? That 15:41was my Bane, Dave, I mostly agree with you, actually. 15:45And the funny part about that is I didn't want 15:48to because I am not a fan of open source, 15:53just about anything. But in this case here, I have 15:57to agree with you. I have to agree with you 15:59because I think this is the way we're going to 16:01work together. And I think we saw a little bit 16:04of that with some of our earlier tools that didn't 16:07go. Go all the way to this level. And this 16:10I'm kind of looking forward to it. I'm not gonna 16:12lie. I really hope it's successful and I look forward 16:14to messing around with it myself, to be honest. You 16:17know, Nick, I'm kind of glad you said that you're 16:19a little skeptical of open source stuff because I had 16:22a feeling you'd be the one I wanted to ask 16:23this question to, which is open sourcing stuff does kind 16:27of come with certain risks, doesn't it? And especially when 16:30you think about. We've seen GitHub be like an attack 16:34surface for some serious attacks this year. Right. And I'm 16:37kind of wondering how you balance benefits of open sourcing 16:40security tools like this with the need to defend this 16:43as like a new part of an attack surface. Right? 16:45Like, how do you, how do you, how do you 16:47deal with people? I don't know, you know, cloning your 16:49GitHub and pretending to be you, for example. We've seen 16:51that happen before. Any thoughts there? You might not be 16:53referring to a shy hallude or other types of. Other 16:59types of attacks of that nature. So that, that's the 17:02problem. Right. But the, the issue is not the open 17:06source itself. The issue is the easiest way I could 17:10say the issue is being lazy because open source can 17:14be secured better. And that's where the problem comes into 17:17play. 
It's not the open source itself, it's the inability 17:20to enforce regulation on keeping it secure. When it's open 17:26source, there's so many people with their, with their hands 17:29in the pudding and there's so many people that, that 17:31aren't doing things the right way. And there are methods 17:35that can be used to keep open source more safe. 17:38It's just in non open source situations that is. That's 17:42forced, you have to follow these rules. And that's not 17:45perfect either, but it's a little better. It's the hygiene. 17:52Thank you. There was the professional word I was looking 17:55for. Well, good. Let's get Suja. I want to bring 17:59you in here too to get your thoughts on that 18:01hygiene. But also just in general the open sourcing of 18:03this stuff. Does anything stand out to you? How are 18:05you feeling about it from security perspective? Competitive edge isn't 18:09secrecy anymore, right? It's speed. So it's important to go 18:14share these with the industry. Like I said, it's a 18:16team sport. But how fast the SoC and all the 18:20companies can adapt to it and then build their defenses, 18:23that is where the secret competitive edge is for companies, 18:26for enterprises, to make money and also to get the 18:30defenses up. So it's important to Open source these things 18:33and share the technology. But how fast we can adopt 18:36it and then get our systems more sharp. And just 18:43like we have talked to that on this one. Right. 18:45Where AI or any of these are, I mean it's 18:51a tool that can be weaponized or can be used 18:53for good. So on both sides it is there same 18:55thing applies for open source. We need to make sure 19:04mean a tool is a tool is a tool. It's 19:06not the tool doing the, it's not how the or 19:08the tool itself, it's how it's used and who is 19:11using it. These open source tools are a trust experiment. 19:15If you really, really look at it. It's a trust 19:18experiment and trust cuts both ways. 
So we need to 19:20have these hygiene in place and everything to make sure 19:24that we are protecting it and then upping our defenses. 19:27Absolutely. I really like too what you said about how, 19:30you know, it's not secrecy that's the competitive edge, it's 19:32speed. Right. Like I do think especially in this moment 19:36when we're dealing with this AI, these AI generated threats 19:39we're talking about, these AI amplified threats we're talking about 19:41speed really takes the cake. I think that sounds good. 19:44How about we move on to our next segment here 19:46folks. Kaspersky released a report about the Dark web economy 19:55based on an analysis of two years worth of job 19:58posts on dark web forums. Overall, we get the picture 20:01that the dark web job market operates a lot like 20:04the legitimate one, including the fact that Dark web employers 20:07are getting pickier. They're increasingly demanding that candidates pass tests 20:11and security checks. And dark web recruitment efforts tend to 20:16increase when layoffs in the legitimate markets increase. So there's 20:19a kind of very interesting connection there that I want 20:22to probe. But first, initial reactions. Let's start with you, 20:25Nick. How you feeling about this Dark web job market 20:28report? I mean not surprised in the least. I mean 20:31we have seen this developing for years now as we 20:34have watched bad actor groups become more organized. The way 20:38they work, you know, with each other and the way 20:41that they work with affiliates. I mean it's just another 20:44enterprise. So why would another enterprise not just hire just 20:49like we do? It's fascinating. Right. Dave, how about you? 20:52Any thoughts there? Disgruntled folks are going to turn where. 20:56Right. So do, do the countries that have social safety 20:59nets not have a as robust safety? Like it's just 21:03a fascinating like I, I when when we threw this 21:06out, Matt, as a topic. 
I was just like, we 21:08could talk the entire time about this and I would 21:11love to get like sociology experts in. And economics experts 21:16in. Like, this is, this is so much bigger than 21:19a cyber security problem. It's just really, this is fascinating 21:23to me about, about, like, where does this go? And, 21:26and the data that that was in the report just 21:28did not. It just scratched the surface around like, yeah, 21:30it's happening. Like, well, yeah, it's happening and it's been 21:33forming. And to Nick, to your point, like, no, no 21:35big surprise at all. But I, I would love like 21:39the Freakonomics guys to do something on this. Like, this 21:41would be fascinating. Well, then the other issue is none 21:46of us here are of questionable moral character. So most 21:50of us would probably think, I would never do that. 21:52Right? It wouldn't even cross my mind. But we tend 21:56to see, especially in the security industry, that you don't 21:59have to have someone with that questionable of a moral 22:01character. If you put them in a bad enough place 22:05where eventually their morals will flex and bend because, well, 22:09survival first and then high morals, moral second. And that's 22:14just where some people, I think, are being pushed. And 22:17so if you have people that already had a questionable 22:19moral character, well, then it just got a lot easier. 22:22I think that is the biggest thing, right? It's not 22:24about what, what is, what is your line where you 22:27will be pushed over that edge, right? We were having 22:30this conversation about morality with somebody that if you want 22:33to put food on your table for your children, what 22:35comes first at that point? What do you choose? I 22:37think that is what dictates a lot of things. And 22:39this is not something which is happening today. We have 22:42seen that in different parts of our country, in different 22:46times, when there is a depression, when there is. 
I 22:49mean, with mafia drug cartels, it's no different than this, 22:53right? When you have a huge unemployment and then people 22:56are trying to figure out their living, this is bound 22:59to happen. The bad actors are bad actors. That's going 23:02to happen no matter rain or shine. The good people 23:06who are pushed into that is very easy when they 23:09have no other choice. So that's why it becomes extremely 23:11important for governments and corporations to think about how are 23:15they going to reskill, how are they going to make 23:17sure that human beings. To me personally, this is Suja's 23:21opinion, which is we are up to no good when 23:23we have nothing to do. We need to be busy. 23:26Oh, idle hands, idle hands. One of the things that's 23:30interesting to me is it's like a two way flow 23:32in some ways. Right. Because we're talking about how when 23:35we have layoffs or people are in difficult positions, they 23:38might that, you know, use their legitimate skills for legitimate 23:40ends. I'm thinking about how we talk about layoffs and 23:44we talk about how we've seen, you know, a handful 23:46of them happen recently and some of them have been 23:50connected to oh, we're hiring less or we're letting people 23:52go because now we have AI to do more things. 23:54Anybody have thoughts on that? I'll keep it basic as 23:57far as that goes. In my opinion, AI is going 24:01to happen. It's not going away, you're not going to 24:04stop it it. So embrace it. To me, it's the 24:07next industrial revolution. I think I might have said that 24:10last time. And to try to fight it just means 24:12you're just going to get run over. So the best 24:15you can do is learn it, learn to take advantage 24:18of it. I mean, those of us here in technology, 24:19we know, learn the new stuff. If you just sit 24:22with the old stuff, you halt, you catch fire. That's 24:24how it works. Now do I think we're trying to 24:28move forward a little too fast in some cases maybe. 
And let's end it there on that note of a happy middle ground and move on to our next story. Factory breaks up an AI fraud ring. In this case, the attackers built a sophisticated infrastructure to exploit some free and reduced AI compute for malicious ends. It worked kind of like this, and I'm a little bit impressed with how the scheme worked. So you've got, you know, these coding agents like Factory's and many others. They offer free trials or reduced rates for new customers. So what these scammers did is they used their own kind of AI infrastructure to scam up a bunch of, to spin up a bunch of fake organizations and sign up for accounts and get these free and reduced rates from a bunch of different assistants, not just Factory's. And then they pulled it all together as like their own little pool of tokens and then they bundled that and sold it to other users who could then use it for things like vulnerability research or funneling attack traffic, generally malicious ends. Like I said, I'm just, I'm a little bit impressed almost by the kind of elegance of it and the sophistication of it. And I just want to throw to you first, Dave, your thoughts on this kind of fraud, this AI fraud we're seeing. I don't think it's terribly new. Right. I think clever people are going to find clever ways to break in, right. If you go to any new thing, they're going to find, oh, they didn't think of this. What's the, what's the slick way to sneak in? Right. I mean paywalls were evaded before they were figured out how to get around them. Right. I mean anything, right. So I mean they'll fix it. It's governance and it's policy and it's audit and. Right. So yeah, not terribly surprised. It's just growing pains. It's one thing we have been talking about.
How do we stop AI from harming us as a society and all those things. There is a lot of talk. This is about humans harming AI, right? Arming it out and then how do we prevent AI from being harmed by humans? Right. So it's on both sides and this is one case of hey, how did they, when used AI to cause more harm and who did it? It's humans who did it. It's not like AI harming us, it's humans who did it. How do we bring that protection and how do we make sure that this becomes a critical infrastructure? Now AI is not something pretty on top. It's part of the critical infrastructure. Critical infrastructure which was not exposed is now exposed thanks to AI. How do we protect it? How do we make sure the right controls are in place? I think zero, like free tier became a zero day vulnerability. Now that's what this start is. That's a really good point. Right. The free tier became a zero day vulnerability. I like how you put that. And I also. You took the words right out of my mouth when you said that this was about humans attacking AI. Right. Like it's very interesting to me. The Anthropic story that I compared it to was very much about AI being used to attack and now we're talking about attacking AI. And sometimes I wonder if in our conversations around AI security we often focus a lot on the AI powered threats and even how AI, how defenders are using AI but not necessarily on the fact that you have to also defend the AI. Right. Like it's part of your system. It needs protection too. So I think that this, you know, it raises the salience of that point. Nick, any thoughts on your end? I with it. So we spend so much time finding out what we can do without asking ourselves what we should do. And. And it happens.
And as someone said earlier, I think it was you, Dave, it's growing pains and it is what it is until we figure out how to put better guardrails around this thing. And for every guardrail we put up, somebody's going to figure out a way to circumvent that guardrail. So we've got to keep trying. It's just going to be a continuous rat race, as the security industry has always been. So welcome back to the club. One of the things that was really interesting to me was the way that Factory kind of responded to this after they found it. They talked about the coding assistant itself to create a set of fraudulent traffic classifiers so it could spot when someone was coming through this little network, evaluate traffic against those classifiers, and then block it. Right? So that's a clear use of like AI being used to stop AI. I thought that was extremely nifty. And I want to just go back around the circle real quick to get some thoughts on how we protect our AI. Like Suja said, I'm going to throw shade on that really quick because if they were able to fix it and do that so fast, why didn't they do it in the first place? That's a good point, Nick. That's a good point. That's like me figuring out, wow, if I lock the door, the bad guy has a harder time getting in. Maybe I should have locked it in the first place. You know? No, that's. That's fair, right? That's fair. Maybe those traffic classifiers should be there in the first place. Maybe it shouldn't take an attack. I don't know. I guess you're right. Or maybe, I don't know, maybe hindsight is 20/20. It's one of those things of throwing it out there to use it before it's ready. Any other thoughts on that, Dave, you have any thoughts there about the AI classification or just protecting our AI in general? I agree with Nick. I think, I think there's just, there's a.
There's a. We got to get it out there, right? And it could be. We got to be first to market, right? Because I'm competing, right? Or my CFO says I have to, right? Because we're going to save, you know, 12 cents or $10 million or whatever the, whatever the business case is, and it doesn't matter if it works, right? Because I'm going to make my date, right? And so what's going to get cut? This stuff, right? Guardrails, audit oversight, security, robust testing. Boring. I didn't hear anything. Those are all non-functional requirements, right? None of that stuff. I'm not putting any of that in my commercial. Right. None of that's going in my Super Bowl commercial. None of that's it. I do have a chicken and a monkey, though. Those things are going in, right? So. I guess. Yeah, I mean. I mean, I think. I think, like, there's such speed, and we. It's got to get out there. You got to get the press release. You got to get the clicks. Right. They want to get the. The free trials used. I love that. I mean, Suja. Beautifully said, right? Their zero day was their free trials. Like, that's like. Yeah, that's awesome. Right? So someone found a way through it. That's a good one. We are. I mean, I'm telling you, this is a tagline machine, this episode, folks. Suja, I just want to give you a chance. Any last thoughts on this topic to round us out before we move on to the next one? This is where AI is combating with AI. I think one of our podcasts where JR was talking about the red agent and the blue agent. Red being bad, blue being good. And then we. We figured out, how do we make sure? Because as Dave just pointed out, you need AI to combat AI the same, just like how you need humans to do that. So we need to be thinking about it day one, day zero, rather than after the fact. Absolutely.
Let's move on then, to our final story for the day, something much lighter than the things we were just talking about. A wind farm worker who tried to use turbines to mine cryptocurrency. An employee at a Dutch wind farm was caught installing crypto mining rigs on his employer's network, including blockchain nodes inside of the actual wind turbines themselves. You know, crafty, but, you know, he did get caught. Of course, it's comical, but it is also a good reminder of the dangers of insider threats. For example, we did see a more serious insider threat last week at CrowdStrike, where the cybersecurity firm found out one of their employees was selling screenshots of internal systems to our friends at Scattered Lapsus$ Hunters. And the hackers said they agreed to pay this insider $25,000 for that activity. So, you know, it can be a lot more serious. But to start off again, I just want to get some initial reactions to either this wind farm scheme or insider threats in general. And, Nick, like I said, I know you folks tackled this on your latest episode of Not the Situation Room. So start us off here. What are your thoughts? Well, first off, I want to say hats off to CrowdStrike for catching that person before their dastardly scheme was able to take hold because they. They caught him and stopped it before access was granted to. To our shiny Lapsus$ Hunters friends. And this, this one, it's hard to tell it with a straight face. I mean, just like I said before on. On our podcast, the idea of windmills mining bitcoin is just. It's just pure comedy. And the salt in the wound is the fact that they did it while they were. The. The individual did it while they were in the process of already trying to recover from a ransomware event. It was like, really, dude? I mean, come on.
And so, yeah, I mean it highlights the threat of, you know, that insiders can pose. But this one, I never would have thought of that. But he, like, he, he. He did get busted and he did have. He has to perform a certain. I forget the number amount of community service hours and he has to pay a fine back to the company for damages and to enter the state. It's creative though. It's innovative. You know, he was, he was thinking. Never heard of that before. I have to give him credit for that. Using. Using green energy to mine bitcoin. I was just thinking what Nick was going to say. He didn't want anybody to be using their laptop or doing holiday shopping. Here is a guy. Yeah, it's like that on steroids, right? It's like, don't use your laptop to go holiday shopping. Don't use the company's wind turbines to mine bitcoin. These are simple things. Really, folks. These are simple things. But Suja, no, I wanted to give you some space too. Any thoughts on your end about this or also just again, insider threats in general, things to be vigilant about. What are your thoughts? This guy knew what he was doing. So obviously. So we need to figure out, even operationally, what are the alerts there where you are looking at anomalies to say something? Because anomalies can be that your customers like what you're doing or it could be something that is happening in the system. So we need to have better tools to detect these anomalies so you can catch it. But inadvertently people doing it. Right. Because just like what the shopping thing that Nick talked about where people use their laptops for shopping all the time or you just took a stapler home or like sticky home. People are used to that. They don't think it is wrong.
So this can become an extension to it where when they are using these tools, they don't think that they are doing anything wrong and then they end up doing it. So that's why the tools need to be there to prevent us from doing some of these things. And the landscape is evolving every day, so we just learn from it. As Dave was talking about, we are in growing pains. We have to learn and then make mistakes and then put guardrails and keep doing it. It's an iterative process. That's an extremely good point. And when we say a word like insider threat, it sounds very evil. And me. And sometimes it is kind of malicious. But like you said, you know, shopping on the company laptop, as we keep saying, that's also a version of insider threat, right? It's negligent, it's not malicious, but it's still a version of that, and it's worth being, you know, aware of that kind of thing. Dave, any thoughts on your end here? Yeah, I mean, I know, shocking. And I'm not kidding, right? So, like, this is the first time we've said OT. This is good. I mean, now, granted, we don't have an outsider attacking OT, and it's not really an attack, but this is real, right? I mean, we've got a very large portion of our world that is not IT. In fact, it doesn't exist without the OT, right? It is not running without juice. It needs the power, and that's just a simple part of it, you know. So I think OTs and, and the securing OT, I mean, that's a. That's a couple of weeks of podcasts. Yeah. Dave, I was actually never a fan of calling it something different because to me, one doesn't exist without the other. So it's IT, OT, however you want it, IoT. Right? There we go. Now that's another thing, right? New, cool, different names to make it something different. But yeah, you know, I'm getting that for sure. For sure.
But I mean, it's. It's a whole nother realm of. Of things that are. Are currently being modernized, right? Smart everything, grids, etc. Etc. Etc. Right? And AI is just sitting there looking at it, waiting to get its gritty little paws on it. It could be opposite ends of the spectrum, right? Because you're talking about AI, which is the newest of all things we're talking about, and then OT, which is probably one of the oldest. And OT was never meant to talk to those other things. That's the. It's the first kind of story that we've had here that has OT in it. So I was kind of like, oh. Kind of interesting with all these AI and everything. Energy becomes a key thing, right? So energy theft has become easy because of what we have today. So we need more compute power for anything good, bad and ugly. So how are people going to tap into it? That becomes a huge threat like threat vector now. And as Dave pointed out, that is now exposed to the world for easy for grabs. And you know, I, I, you're right, Dave. This is the first time in this episode we've talked about OT, which is operational technology for people listening who aren't aware of that. The producers have yelled at me in previous episodes for not clarifying that. So OT is operational technology. But yeah, it's a good point though that this is the first time we've talked about it in this episode. But it is a massive attack surface. And like you said, Nick, you know, it's, it's weird that we treat them as separate things, right? And, and in treating them as separate things with different names or whatever, we also create this kind of gap where like we know that OT is patched less regularly than IT and, and you know, there are various reasons for that, but at the end of the day it does create like a two tiered system.
And I don't know, we're leaving ourselves kind of open in some ways. So, you know, this is, and this is one of those examples of how we leave ourselves open. Maybe people weren't paying as much attention to these turbines as they might have been to a work laptop. I don't know. You know. Well, I'm sure that the, I'm sure that the guy was hoping that no one was paying attention and mystery van was outside? That's all the time we have for today. Thank you to our panelists, Nick, Dave and Suja. Thank you to the viewers and the listeners. As always, subscribe to Security Intelligence wherever podcasts are found. Stay safe out there. And if you haven't yet, thank your IT security people. I hear they really like fruit baskets. And keep an eye on your audio feeds this Friday, November 28th for a special audio-only bonus episode of Security Intelligence. We've got a malware reverse engineer coming on to tell us the story of what it's like to discover a new strain of malware right in your inbox. Again, that's Friday, November 28th. Coming to Spotify, Apple Podcasts and wherever else you listen to the show. Thank you folks.