Cyber Security Headlines: Week in Review Summary
Hosted by CISO Series | Release Date: February 7, 2025
1. APTs Leveraging Gemini AI for Enhanced Cyber Operations
In this episode, David Spark introduces the first major topic: Advanced Persistent Threats (APTs) utilizing Google's Gemini AI. According to Google's Threat Intelligence Group, government-linked APT groups across more than 20 countries—including Iran, China, North Korea, and Russia—are integrating Gemini AI to gain productivity advantages rather than developing entirely new AI-driven cyber attacks.
Key Points Discussed:
- Gemini AI's Role: APTs are using Gemini to streamline coding tasks, research vulnerabilities, gather intelligence on target organizations, and develop methods to evade detection and escalate privileges within compromised networks.
- Caitlin Sarian's Perspective: Caitlin Sarian, CEO of Cybersecurity Girl, emphasizes the dual-edged nature of AI technology. She states, “Anything that's good can also be used bad depending on the person that's using it” (00:40). Caitlin advocates for using AI proactively to combat AI-driven threats, highlighting the necessity for cybersecurity professionals to adapt and leverage AI for defensive measures.
Notable Quote:
“Anything that's good can also be used bad depending on the person that's using it.”
— Caitlin Sarian (00:40)
2. Surge in Exploited Vulnerabilities Coupled with Decline in Ransomware Payments
The discussion shifts to a concerning increase in exploited vulnerabilities contrasted with a promising decrease in ransomware payments.
Exploited Vulnerabilities:
- Report by VulnCheck: In 2024, there was a 20% increase in actively targeted Common Vulnerabilities and Exposures (CVEs), totaling 768 CVEs. Notably, nearly a quarter of these vulnerabilities were weaponized before their public disclosure.
- Affected Platforms: Significant vulnerabilities were identified in platforms such as Citrix, Cisco, Zoho, and Microsoft.
Ransomware Payments:
- Chainalysis Report: Ransomware payments in 2024 amounted to $813.55 million, marking a 35% decrease from the previous year’s $1.25 billion.
- Factors Contributing to Decline: Enhanced law enforcement actions, improved collaboration among organizations, and a growing trend of victims refusing to pay ransoms are cited as primary reasons for the reduction.
Caitlin Sarian's Insights: Caitlin observes a growing numbness among consumers regarding cybersecurity threats. She notes, “There's a lot of numbness around cybersecurity as a whole” (08:51), suggesting that public desensitization may undermine ongoing security efforts. Additionally, she highlights the importance of effective communication strategies to reinforce cybersecurity best practices for both individuals and organizations.
Notable Quote:
“There's a lot of numbness around cybersecurity as a whole.”
— Caitlin Sarian (08:51)
3. Abandoned AWS Cloud Storage Poses Significant Cyber Risks
Another critical issue discussed is the vulnerability associated with abandoned Amazon Web Services (AWS) S3 buckets.
Findings by watchTowr:
- Abandoned Buckets: Approximately 150 AWS S3 buckets previously used for software development and updates were found to be abandoned.
- Exposure: Over a two-month period, these unused buckets received 8 million file requests from various entities, including government agencies, Fortune 100 companies, banking institutions, and cybersecurity firms.
- Potential Threat: Had a threat actor controlled these buckets, they could have answered those requests with malicious software updates, potentially compromising the affected organizations' AWS environments or virtual machines.
Caitlin Sarian's Recommendations: Caitlin underscores the necessity for stringent asset management practices. She suggests maintaining an inventory of all technology assets to ensure that unused or orphaned resources are promptly decommissioned. “You need to start having like an inventory of all your tech stack and understanding, you know, where everything sits and what everything's going through” (11:51).
Notable Quote:
“You need to start having like an inventory of all your tech stack and understanding, you know, where everything sits and what everything's going through.”
— Caitlin Sarian (11:51)
4. Meta's Stance on Developing High-Risk AI Systems
The episode also covers Meta's evolving policies regarding the development of artificial intelligence systems deemed too risky.
Meta's AI Framework:
- Commitment to AGI: Mark Zuckerberg, CEO of Meta, has committed to making Artificial General Intelligence (AGI) openly available.
- Risk Classification: Meta's new Frontier AI Framework categorizes AI systems into "high risk" and "critical risk" based on their potential to facilitate cybersecurity breaches or biological attacks. Critical risk systems are those that pose catastrophic, unmitigable threats.
- Decision-Making Process: The framework relies on expert input rather than solely empirical testing to assess and withhold highly capable AI systems when necessary.
Caitlin Sarian's Take: Caitlin views Meta's proactive stance as a positive development, acknowledging the vast data Meta possesses and the potential risks associated with it. She appreciates the transparency and responsibility demonstrated by Meta, stating, “It's a very responsible way of looking at it while still being innovative” (24:11). Caitlin believes that acknowledging and addressing potential threats is crucial for balanced AI innovation.
Notable Quote:
“It's a very responsible way of looking at it while still being innovative.”
— Caitlin Sarian (24:11)
5. Tribute to Sean Bowen
The episode takes a poignant turn as David Spark pays tribute to Sean Bowen, a valued member of the CISO Series community, who tragically passed away in a parachuting accident.
Highlights of Sean Bowen's Contribution:
- Role: Sean served as the Deputy CISO for Gaming at Microsoft and was a frequent guest on the CISO Series podcast.
- Legacy: Known for his keen insights and quick wit, Sean was a relentless advocate for advancing cybersecurity within the community. His colleagues praise his generosity, expertise, and unwavering support.
- Tributes: David mentions a LinkedIn tribute featuring remembrances from the CISO Series staff and audience, encouraging listeners to honor Sean’s memory.
Caitlin Sarian's Condolences: Caitlin expresses her heartfelt condolences, acknowledging the profound loss Sean's passing represents: “It's always so hard to hear losing someone like that so, so early on” (23:18). She commends Sean’s contributions and the positive impact he had on both the team and the broader cybersecurity community.
Notable Quote:
“He was a relentless advocate for what we were trying to bring to the cybersecurity community here at the CISO series.”
— David Spark (22:00)
Conclusion
The episode of Cyber Security Headlines provides an in-depth analysis of current cybersecurity challenges, including the misuse of AI by threat actors, the fluctuating landscape of ransomware payments, vulnerabilities in abandoned cloud storage, and Meta's strategic approach to AI development. The heartfelt tribute to Sean Bowen underscores the community's resilience and commitment to advancing cybersecurity in the face of both technological and personal adversities.
For more detailed insights and daily updates, listeners are encouraged to visit CISOseries.com and subscribe to the Cyber Security Headlines podcast.
Timestamps
- 00:40 – Caitlin Sarian on the dual nature of AI.
- 08:51 – Caitlin Sarian on public desensitization to cybersecurity threats.
- 11:51 – Caitlin Sarian on the importance of asset management.
- 24:11 – Caitlin Sarian on Meta's responsible AI stance.
- 23:18 – Caitlin Sarian's condolences for Sean Bowen.
