RSAC According to FBI Deputy Assistant Director Cynthia Kaiser, speaking to The Register at the RSA Conference, a Chinese government-backed crew is testing AI in each stage of the attack chain. That's not to say they're succeeding, but it makes them "more efficient, or might make them a little faster," Kaiser said.
The threat of Beijing-backed digital intruders snooping on America's critical infrastructure is no surprise to anyone who has followed the at least two Typhoon crews revealed between last year's RSAC and this year's infosec event. Most people are now aware that Beijing's snoops can move around critical government, water, telecommunications and energy networks for years without being detected. Volt Typhoon, for example, infected thousands of outdated routers to build a botnet and break into US critical facilities, and was also positioning itself for destructive cyberattacks against those targets.
Another Chinese espionage team, Salt Typhoon, compromised nine US telecommunications companies and government networks in the past year, before attempting to exploit more than a thousand internet-facing Cisco devices as recently as January.
These crews and others working for the Chinese government break into American networks using "unsophisticated means, or especially end-of-life devices," Kaiser told The Register. She said:
"We see them coming in, oftentimes, through unpatched vulnerabilities or an unpatched device, and then when they get onto a system it's very quiet."
FBI agents who responded to China's Volt Typhoon intrusions and visited some of the compromised energy and other facilities "will talk about how deftly the Chinese navigated an internal system, coming in through a business network to get to the operational side," Kaiser pointed out. "That's what we saw with Salt Typhoon as well: being able to move laterally and navigate, taking their time to get the access they want."
Former FBI Director Christopher Wray was fond of warning that China had 50 dedicated hackers for every one of the Bureau's cyber-focused agents. That was before the Trump administration returned to office and cut federal budgets and staff from the payroll.
It would appear that America is making it easier for Chinese agents to do their jobs.
“Business as usual”
When asked how the recent government changes have affected the FBI's capability to respond to cyberthreats, Kaiser replied: "For us, it's really been business as usual."
That business involves responding to nation-state attackers, as well as ransomware groups and other financially motivated cybercriminals who are increasingly using AI to make their attacks more efficient, faster, and more scalable.
“At the FBI, we track AI really closely, in a refined way, to say, over time, which countries are either doing the use case or more frequently integrating it into which part of their operations across the attack life cycle,” Kaiser added. This includes using AI at scale to create fictitious profiles of businesses, and using large language models with these to craft more convincing spear-phishing campaigns.
However, the intruders use AI in much the same way defenders do: not to launch an end-to-end attack, but to make individual parts of an operation more efficient. "We see a lot of adversaries just trying it out. How could I use AI here? What would it mean there? And it might just mean they've enriched a target campaign, it doesn't mean they've created polymorphic malware that can change when it's on a system," Kaiser noted.
While the doomsday scenario we've all heard at previous RSA Conferences hasn't yet become reality, attackers are using AI for more practical purposes.
"The other way that companies need to be worried about AI is that it does help an adversary map a network better," Kaiser said. This matters because the "first line of defense is: keep adversaries out," she added. "The second one, though, is then ensuring that people can't move around your network."
MFA or a safe word
AI is not only used for those two purposes; it is also used to create deepfake videos that can swindle individuals and companies out of money.
“Imagine you get a call from your CEO,” Kaiser said. “It’s on a messaging app you’ve used before, and it’s your CEO sitting in a house where you’ve seen them many times, and they tell you: I need you to make a wire transfer here, or join an urgent online meeting at this link. A lot of us, me included, would probably do what my CEO told me to do without thinking, could this be fake?”
Criminals are doing this, and use deepfake video to "swindle millions from businesses as a result," Kaiser adds. "So it's going to be imperative to add MFA to everything."
For digital systems, that may mean a biometric such as a fingerprint, or an authentication code. But a second factor can also be low-tech: a way of verifying someone's identity when, for example, a colleague at your workplace asks you to transfer a large sum of money.
Kaiser: "Old-school MFA is having a secret word." ®