THE BLOG
-
Mar 09, 2023
AI Chat: Friend or Foe?
Recently there has been a lot of chatter around ChatGPT and the Bing Chat platform. These AI engines are being used in a number of creative ways, such as composing jokes or writing essays in the ‘tone’ of specific individuals. Aside from these recreational uses, the platforms have implications for cybersecurity as well.
A simple example to consider is the creation of phishing emails. A telltale hallmark of phishing is broken English or improperly worded phrases. English is not always the first language of phishing groups, and online translation tools such as Google Translate do not always capture proper sentence structure. This will change with the new AI engines, which can produce perfectly formed emails and remove the doubt that awkwardly structured messages used to raise.
Beyond emails and essays, the engines are also able to write and debug code. This will lower the threshold for attackers to turn a vulnerability disclosure into a working payload. Similarly, creating custom code for potentially malicious use may be as simple as a request.
Next, expect attackers to leverage live chat and coercive discussions against targets. Instead of a call from a scammer on the phone, a digitized version of these AI engines will be making the calls. They will sound friendly, familiar, and have all the answers.
The next-generation engines promise to be even more sophisticated, which raises the question: how can we protect ourselves from such scenarios? In our view, most of the protections will be the same as they are today, but AI will also need to be put to use for defense. If an engine produced a message, a defender can ask an engine to produce that kind of message again; comparing the similarities between the two using the AI engines will help to spot fakes. Traditional defenses will need to shift slightly to include more dynamic testing, but the foundations of layers, education, and good operational execution remain crucial.
For the time being, ChatGPT and other AI engines are still on the fringes of attack activity, but they will become more common over time. The key is for security teams to continue to evolve alongside the attacks and react accordingly.
-
Feb 15, 2023
DDoS Attack: 5 Ways to Prepare
With a recent wave of attacks performed by Killnet, organizations should be on high alert and be prepared for potential DDoS attacks. A distributed denial-of-service (DDoS) attack typically consists of many remote sources or proxies attacking an organization to render its services unusable. Because the number of sources can be significant, and the traffic may appear legitimate, these attacks can be difficult to stop.
Below are 5 ways your organization can prepare to mitigate the impact of an attack before an attack happens:
1. Establish a baseline and a threshold for action. Knowing your normal resource usage rates such as bandwidth or application memory will make it much easier to spot the start of an attack. By setting a threshold rate for action, it is possible to avoid overreacting to limited spikes or minor attacks.
2. Limit UDP services externally. Due to the connectionless design of UDP, it is easy to spoof sources and destinations and fire off high volumes of requests to services. UDP services, specifically DNS and NTP, are common targets during a DDoS attack.
3. Disable amplification capabilities for exposed services. A common tactic for DDoS is to request a response that generates more traffic than was sent. By doing this, attackers can consume a larger volume of bandwidth on the victim network than is required to perform the attack.
4. Engage a cloud provider to scrub the traffic before it reaches your environment. There are several players in this field, and they allow companies to divert traffic to them during an attack. From there traffic is ‘cleaned’ and only valid packets are passed along. Note, it is important to tune any protection rules before an actual incident, otherwise there is a risk of unintentional blocking of valid requests.
5. Check for ancillary platforms that may be needed before an attack is mitigated. For example, communications may be impacted, so how would you coordinate a response? Centralized services such as SSO may also become points of failure if they are not reachable, so special considerations may be warranted.
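As an added illustration of step 1 (not code from the original post), the following Python computes a baseline from a window of normal request rates, derives a threshold for action, and only raises the alarm when the threshold is exceeded for several consecutive samples, so a single limited spike does not trigger an overreaction. The sample rates, the window size, the multiplier k and the sustain count are all constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed sample: requests per second observed in consecutive 1-second windows.
# The first 20 samples are normal traffic; index 20 is a one-sample burst that
# should NOT trigger action; the run at the end is a sustained surge that should.
SAMPLES = [120, 130, 125, 118, 140, 135, 122, 128, 131, 119,
           127, 133, 124, 121, 138, 129, 126, 132, 123, 130,
           900,                        # limited spike (ignored)
           128, 125,
           950, 1100, 1250, 1300]      # sustained surge (triggers)


def baseline(samples, window=20):
    """Mean and standard deviation of the first `window` samples (normal traffic)."""
    base = samples[:window]
    return mean(base), pstdev(base)


def threshold(samples, window=20, k=4.0):
    """Threshold for action: baseline mean plus k standard deviations."""
    mu, sigma = baseline(samples, window)
    return mu + k * sigma


def detect(samples, window=20, k=4.0, sustain=3):
    """Index of the first sample completing `sustain` consecutive samples above
    the threshold, or None if the rate never stays elevated that long."""
    limit = threshold(samples, window, k)
    run = 0
    for i, value in enumerate(samples[window:], start=window):
        run = run + 1 if value > limit else 0   # reset on any sample back under limit
        if run >= sustain:
            return i
    return None


if __name__ == "__main__":
    print("threshold:", round(threshold(SAMPLES), 1))
    print("action at sample index:", detect(SAMPLES))
```

With the constructed data the threshold lands near 152 requests/second; the lone 900 burst is ignored and action is signalled at index 25, the third consecutive elevated sample.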
There is no one right response to a denial-of-service attack. As with security across the board, layers are best. Apply as many layers of protection as possible in case you find your organization under attack. Questions? Give us a call.