Josh Stepp
Nation-State Hacking, Cybercrime, and AI

An Analysis of 2024 Trends in Information Security

Each year, when the Global Threat Reports roll out, it’s a great opportunity to spot trends in Information Security. For me, I enjoy the different perspectives from the various organizations that produce these reports as not everyone has the same insights and telemetry.

This year I wanted to highlight two reports in particular.

Elastic’s 2024 Global Threat Report

Microsoft’s 2024 Digital Defense Report

A brief outline and all the links mentioned or used in this post are below.

Topics Discussed:

  1. Blurred Lines Between Nation-State and Cybercriminal Activities

    How state-sponsored actors, including those from North Korea and Iran, increasingly adopt criminal tactics for financial gain, with North Korea using cybercrime to fund its nuclear and missile programs.

  2. Generative AI and Its Role in Cyber Threats

    A deep dive into the uses of generative AI by both defenders and attackers, including the development of sophisticated phishing scams, influence operations, and automated malware production.

  3. Commodity Malware and Open-Source Tools

    The use of off-the-shelf hacking tools like Cobalt Strike and Sliver, which simplify cyber operations for threat actors. Josh explores how these tools blur the line between advanced and lower-skill attacks.

  4. Social Engineering and AI-Powered Phishing

    Insights from the reports show how generative AI enables more tailored and realistic phishing campaigns, amplifying the effectiveness of social engineering at scale.

  5. State-Backed Influence Operations via AI

    Case studies of AI-driven influence campaigns, including Russia’s deepfake audio tactics in Slovakia and China’s misinformation campaigns, demonstrate AI’s role in sowing discord and manipulating public perception globally.


Links and Resources:

  • https://www.elastic.co/resources/security/report/global-threat-report

  • https://www.microsoft.com/en-us/security/security-insider/intelligence-reports/microsoft-digital-defense-report-2024

  • https://cloud.google.com/blog/products/identity-security/making-cobalt-strike-harder-for-threat-actors-to-abuse

  • https://cloud.google.com/blog/topics/threat-intelligence/apt45-north-korea-digital-military-machine

  • https://malpedia.caad.fkie.fraunhofer.de/details/win.sliver

  • https://unit42.paloaltonetworks.com/north-korean-threat-group-play-ransomware/

  • https://attack.mitre.org/groups/G0138/

  • https://learn.microsoft.com/en-us/defender-xdr/microsoft-threat-actor-naming

  • https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/

  • https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-048a

  • https://cloud.google.com/blog/topics/threat-intelligence/apt42-charms-cons-compromises

  • https://www.reuters.com/world/us/accused-iranian-hackers-successfully-peddle-stolen-trump-emails-2024-10-25/

  • https://www.reuters.com/world/us-issues-iran-related-sanctions-over-election-interference-2024-09-27/

  • https://www.npr.org/2023/09/28/1202110410/how-rumors-and-conspiracy-theories-got-in-the-way-of-mauis-fire-recovery

  • https://googleprojectzero.blogspot.com/2024/10/from-naptime-to-big-sleep.html

  • https://securityintelligence.com/articles/malicious-ai-worm-targeting-generative-ai/

  • https://cert.gov.ua/article/6278521

  • https://cloud.google.com/blog/topics/threat-intelligence/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor
