Dear enterprise IT: Cybercriminals use AI too

In a 2017 Deloitte survey, only 42% of respondents considered their institutions to be extremely or very effective at managing cybersecurity risk. The pandemic has certainly done nothing to alleviate these concerns. Despite increased IT security investments companies made in 2020 to deal with distributed IT and work-from-home challenges, nearly 80% of senior IT workers and IT security leaders believe their organizations lack sufficient defenses against cyberattacks, according to IDG.

Unfortunately, the cybersecurity landscape is poised to become more treacherous with the emergence of AI-powered cyberattacks, which could enable cybercriminals to fly under the radar of conventional, rules-based detection tools. For example, when AI is thrown into the mix, “fake email” could become nearly indistinguishable from trusted contact messages. And deepfakes — media that takes a person in an existing image, audio recording, or video and replaces them with someone else’s likeness using AI — could be employed to commit fraud, costing companies millions of dollars.

The solution could lie in “defensive AI,” or self-learning algorithms that understand normal user, device, and system patterns in an organization and detect unusual activity without relying on historical data. But the road to widespread adoption could be long and winding as cybercriminals look to stay one step ahead of their targets.

What are AI-powered cyberattacks?

AI-powered cyberattacks are conventional cyberattacks augmented with AI and machine learning technologies. Take phishing, for example — a type of social engineering where an attacker sends a message designed to trick a human into revealing sensitive information or installing malware. Infused with AI, phishing messages can be personalized to target high-profile employees at enterprises (like members of the C-suite) in a practice known as “spear phishing.”

Imagine an adversarial group attempting to impersonate board members or send fake invoices claiming to come from familiar suppliers. Sourcing a machine learning language model capable of generating…


We've been warning Floridians to be wary of cybercriminals for 25 years | Fred Grimm – South Florida Sun Sentinel


Ransomware: How cybercriminals hold data hostage… and why the best solution is often paying a ransom – 60 Minutes

We’re seeing just how defenseless our food and fuel supplies can be to hackers. This month, the largest meat producer in America was forced to close for several days. And that was only three weeks after hackers shut down the main source of gasoline for the East Coast. Both were ransomware, attacks by hackers who break into a computer network and lock it until ransom is paid. Colonial Pipeline paid more than $4 million, in May, to get fuel flowing in the East again. As we first told you in 2019, critical public service networks are also targets. Twenty-six percent of cities and counties, for example, report that they fend off network attacks every hour. Perhaps even worse, dozens of hospitals have been held hostage all across the country.

In January 2018, the night shift at Hancock Regional Hospital watched its computers crash with deepest apologies. The 100-bed facility in the suburbs of Indianapolis got its CEO, Steve Long, out of bed.

Steve Long: We had never been through this before. And it’s something that I read in the journals. And I say, “Oh, those poor folks. I’m glad that’s never going to happen to us.” But when you come in and you see that the files on your computer have been renamed and all of the files were renamed either “we apologize for files” or “we’re sorry.” And there was a moment when I thought, “Well, maybe they’re not so bad. They said they were sorry.” But, in fact, they had encrypted every file that we had on our computers and on the network.

Long told 911 to divert emergency patients to a hospital 20 miles away. His staff turned to pen and paper. Nothing electronic could be trusted.

Steve Long: This is a ransomware, so this is a virus that has gotten into the computer system. “Would it have the ability to jump to a piece of clinical equipment? Could it jump to an IV pump? Could it jump to a ventilator? We needed a little time just to make sure about that.”

But time was a luxury not offered in the ransom demand.

Steve Long: “Your network has been encrypted. If you would like to purchase the decryption keys, you have seven days to do so or your network files will be permanently deleted.” And then it gave us the…


The MTA’s Computer Systems Breached By Chinese Cybercriminals

New York City’s Metropolitan Transportation Authority (MTA), which runs the city’s bus and subway systems, disclosed on Wednesday that its systems were hacked in April 2021.

The Metropolitan Transportation Authority (MTA) is a public benefit organization that is in charge of public transportation in the New York City metropolitan area of the U.S. state of New York.

The MTA is the largest public transit authority in the United States, carrying over 11 million passengers on an average weekday systemwide, and over 850,000 vehicles on its seven toll bridges and two tunnels per weekday.

The threat actors, believed to have connections to the Chinese Government, penetrated the MTA network by exploiting flaws in Pulse Connect Secure, a commercial VPN solution that provides employees remote access to their company’s network.

According to Rafail Portnoy, the MTA’s Chief Technology Officer, the cybercriminals did not obtain access to systems that control train cars, and rider safety was not at risk. He added that the intrusion seemed to have done little damage. No sensitive staff or customer data was accessed during the hack.

The MTA quickly and aggressively responded to this attack, bringing on Mandiant, a leading cybersecurity firm, whose forensic audit found no evidence operational systems were impacted, no employee or customer information breached, no data loss, and no changes to our vital systems.


MTA officials stated that the attack occurred at around 8 p.m. on April 20, and that the Cybersecurity and Infrastructure Security Agency, the National Security Agency, and the FBI informed the MTA of the breach.

By the next morning, the MTA said, it had applied the required security patches, recommended by CISA, to fix the flaw.

Importantly, the MTA’s existing multi-layered security systems worked as designed, preventing the spread of the attack and we continue to strengthen these comprehensive systems and remain vigilant as cyber-attacks are a growing global threat.


According to a cybersecurity company that collaborates with the federal government, the attack on the MTA did not involve financial requests and instead seems to be part of a recent series of global intrusions by…