Key Kaspersky cybersecurity summit in Sri Lanka reveals new threat vectors in the region and best security practices for an AI-integrated world
Global cybersecurity provider Kaspersky held their annual Cybersecurity Weekend for Asia Pacific Countries 2024 from 4 - 7 August 2024 in Sri Lanka to give an overview of the latest cybersecurity developments and potential threat vectors in the region as well as best practices to address the latest security challenges. Ransomware remains a key threat, with the proliferation of AI in offensive roles by threat actors potentially adding to complexity and sophistication in cyberattacks. The world's foremost cybersecurity professionals, journalists, CTOs, executives from key industries and more were given insight and in-depth analysis of the most pressing cybersecurity threats as well as potential challenges with the proliferation of AI by leading Kaspersky cybersecurity experts.
The selection of Sri Lanka as the location of the Kaspersky 2024 Cybersecurity Weekend for Asia Pacific countries highlights the growing importance of the country and Kaspersky's mission to offer comprehensive cybersecurity services to safeguard digital infrastructure for both public and private entities as well as individuals, small and medium businesses (SMBs), midrange and large enterprises and critical infrastructure companies alike.
At the conference, Adrian Hia, Managing Director, APAC region at Kaspersky, highlighted how cybersecurity providers and the organisations that employ them need to adjust their cybersecurity posture and be aware of the legal ramifications of the regions they operate in. "For many organisations, the integration of AI is inevitable, with their invaluable ability to process large data sets but stakeholders need to be aware of data compliance especially when combined with the use of AI. Policies need to be implemented into how confidential data is treated and what aspects of that data are accessible by AI while remaining compliant to the laws and regulations that an organisation is beholden to in the area they are operating in," said Adrian.
"Another key concern that organisations must consider in an era where uptime is paramount is cyber resiliency. Best practices for resilience require telemetry and information logging to rapidly identify and respond to incidents as well as a comprehensive incident response policy to ensure rapid recovery in the event of a cyberattack," adds Adrian.
As Director of Kaspersky's Global Research & Analysis Team (GReAT), Igor Kuznetsov has a bird's eye view of the cybersecurity threat landscape. "The most common cybercrime being perpetrated globally is ransomware with threat actors running it like a business (RaaS), with the most common infection vectors being exploitation of vulnerable public facing applications, followed by compromised and brute-forced credentials. An emerging threat that should be accounted for is compromise of supply chains and trusted relationships - half of such cases were noticed after the attack succeeded. In terms of targets, the most attacked industries were governmental entities, financial institutions and manufacturing companies," said Igor.
Also highlighted at the summit was the growing role of AI in cybercrime: AI tools are able to enhance social engineering attacks by creating more natural-sounding emails and input for phishing attacks, generate passwords, help to code malware and even perform password attacks. The advent of AI also means that cybercriminals can potentially target victims with adversarial attacks, making small modifications to files so that AI systems could be manipulated to misclassify malware as safe files. To further enhance security and detection rates, Kaspersky imitates adversarial attacks on their own malware detection models.
AI-related attacks are growing rapidly nowadays. Some of those still require highly skilled data scientists and significant effort, but others are already implemented in publicly available tools. We can highlight two main parts. First is offensive AI - where adversaries use advanced techniques to speed up their routine or find new threat vectors to implement it. Deep fakes, widely spreading this year, are just one example of it. Second is AI vulnerabilities - some AI models could be forced by adversaries to do restricted or unexpected things. As an example - a number of prompt attacks on large language models appeared last year.
"In Kaspersky we have been researching all these problems for many years to create a reliable protection for our customers," said Alexey Antonov, Lead Data Scientist at Kaspersky. Kaspersky also leverages AI to detect malicious attacks and emerging threats, especially given the volume of potential malware, with 411,000 unique malware samples detected daily in 2024 alone and over 403,000 daily in 2023.
One of the most pressing issues highlighted at the summit was how supply-chain attacks could potentially damage critical infrastructure such as hospitals, banks, airlines and more. This was highlighted when an erroneous software update by CrowdStrike, a US-based cybersecurity company, caused a reboot death spiral, leading to the blue screen of death for over 8.5 million Windows machines across the world and causing an unprecedented amount of financial damage.
"Potential avenues of a supply chain attack on machine learning models would be to manipulate the training data to introduce biases and vulnerabilities into the model or modify the AI models with altered versions so that they would produce incorrect outputs. Since AI is here to stay, such attacks may have unprecedented impact similar to what we have experienced due to faulty software recently, or a problem of a backdoor inside SSH which was luckily averted earlier this year," says Vitaly Kamluk, Cybersecurity expert of GReAT at Kaspersky.
The attack on the Linux XZ utilities, which had become a required dependency of the Secure Shell (SSH) service and could potentially have turned into a backdoor in millions of Internet of Things (IoT) devices, servers and network equipment reliant on it, was successfully detected and thwarted in time.
Ultimately, organisations need to plan and ensure mitigation strategies are in place for cyberattacks including cyber resiliency plans, ensure staff are trained against potential cyberattack avenues like phishing attempts, enforce best cybersecurity practices and ensure updated threat intelligence by partnering up with trusted cybersecurity partners who can also ensure defense-in-depth, preemptive protection.
More information can be found at www.kaspersky.com