Tag Archive for: Adopting

Inside the Mind of the Hacker: Report Shows Speed and Efficiency of Hackers in Adopting New Technologies


The application of artificial intelligence is still in its infancy, but we are already seeing one major effect: the democratization of hacking.

The annual Bugcrowd report, Inside the Mind of a Hacker 2023, examines the attitudes held and methods used by the Bugcrowd pool of bug hunters. This year, the report focuses on the effect and use of artificial intelligence (AI) by hackers.

It also provides valuable insight into how malicious hackers will employ AI. For now, this is centered around the use of LLM GPTs, such as ChatGPT. There are numerous ‘specialist’ GPTs appearing, but for the most part they are wrappers around the GPT4 engine. ChatGPT remains the primary tool of hackers.

Seventy-two percent of Bugcrowd’s hackers do not believe AI will ever replicate their human creativity. Despite this, 64% already use AI in their hacking workflow, and a further 30% plan to do so in the future. “I agree completely with the majority that [AI] will not replace the security researchers/hacker,” says Timothy Morris, chief security advisor at Tanium. “Hacking requires skill (AI has that) but also creativity that comes from understanding context (AI does not have that). While AI may get better over the years, I don’t see it as a replacement.”

Nevertheless, it is the combination of human creativity with AI workflow support that is changing the face of hacking – and while that is good in the hands of ethical hackers, it is concerning in the hands of malicious hackers.

According to the report, which analyzed roughly 1,000 survey responses from hackers on the Bugcrowd Platform, hackers are already using and exploring the potential of AI in many different areas. The top use cases are currently automating tasks (50%), analyzing data (48%), identifying vulnerabilities (36%), validating findings (35%), conducting reconnaissance (33%), categorizing threats (22%), detecting anomalies (22%), prioritizing risks (22%), and training models (17%). 

To achieve these ends, hackers have been treating AI as just another tool in their toolset. The first requirement is to understand the tool, and the second is to learn how to use it. With ChatGPT, this falls into two categories –…

Source…

Adopting military tactics to fight the cyber war – defenceWeb

Adopting military tactics to fight the cyber war  defenceWeb

Businesses rely on predictions in order to set their strategies for the future, yet no one can predict precisely what will happen in 10 or even five years. That makes …

“cyber warfare news” – read more

New ransomware rakes in $4 million by adopting a “big game hunting” strategy

New ransomware rakes in $  4 million by adopting a “big game hunting” strategy

(credit: Tracy O / Flickr)

A recently discovered ransomware group has netted almost $ 4 million since August, in large part by following a path that’s uncommon in its industry—selectively installing the malicious encryption software on previously infected targets with deep pockets. The method differs from the usual one of indiscriminately infecting all possible victims. That’s the take of two analyses published Thursday, one by security firm CrowdStrike and the other by competitor FireEye.

Both reports say that Ryuk, as the ransomware is known, infects large enterprises days, weeks, or as much as a year after they were initially infected by separate malware, which in most cases is an increasingly powerful trojan known as Trickbot. Smaller organizations infected by Trickbot, by contrast, don’t suffer the follow-on attack by Ryuk. CrowdStrike called the approach “big-game hunting” and said it allowed its operators to generate $ 3.7 million worth of Bitcoin across 52 transactions since August.

Besides pinpointing targets with the resources to pay hefty ransoms, the modus operandi has another key benefit: the “dwell time”—that is, the period between the initial infection and the installation of the ransomware—gives the attackers time to perform valuable reconnaissance inside the infected network. The reconnaissance lets attackers CrowdStrike dubs Grim Spider maximize the damage it causes by unleashing the ransomware only after it has identified the most critical systems of the network and obtained the passwords necessary to infect them.

Read 5 remaining paragraphs | Comments

Biz & IT – Ars Technica

CES 2016: Auto industry faces challenges adopting connected car, autonomous driving technology

The stakes are high in the auto industry right now. New technologies, from connected cars to autonomous driving capabilities, create the potential for a revolution in the industry, but also pose challenges that could result in disaster if they are deployed before either the technology or the drivers are ready.

Jill Ingrassia, managing director of government relations and traffic safety advocacy for AAA, spoke during a panel at CES today about the potential for in-car technology to help address the epidemic of auto-related fatalities in the U.S., which reached a new low in 2014 but still amount to about an average of one auto-related death every 15 minutes. 

To read this article in full or to leave a comment, please click here

Network World Colin Neagle