Cybersecurity Today – “AI Tools Lead Corporate Data”
Host: Jim Love
Date: October 8, 2025
Episode Overview
This episode of Cybersecurity Today dives into critical developments in corporate cyber threats, from evolving North Korean crypto heists and a major LinkedIn lawsuit to the Clop ransomware targeting Oracle customers. The main focus: new research showing that generative AI tools—rather than email or file-sharing platforms—are now the leading channel for corporate data leaks. Host Jim Love breaks down the threats, their implications, and essential actions businesses should take.
Key Discussion Points & Insights
1. North Korean Hackers Target Wealthy Crypto Holders
[00:03–02:45]
- Shift in Tactics:
North Korean cyber groups, notably Lazarus Group, are pivoting from attacking exchanges to targeting individual crypto-rich investors, who often lack institutional-grade defenses.
- Scale of Theft:
According to Elliptic, over $2 billion has been stolen in 2025, accounting for 13% of North Korea’s GDP and directly funding their nuclear and missile programs.
- Attack Methods:
- Spear phishing
- Fake investment apps
- Malware-infested trading platforms
- Remote developer infiltration to launder funds via legitimate companies
- Reporting Gaps:
These thefts are often underreported, making the total impact hard to quantify.
- Security Advice:
Use hardware wallets, cold storage, and strong multifactor authentication.
- Notable Quote:
“If you hold digital wealth, you're now part of the threat landscape.” – Jim Love [01:41]
2. LinkedIn Sues Over 1 Million Fake Accounts Used for Scraping
[02:45–04:40]
- Legal Action:
LinkedIn sues Pro API (Singapore) and Netswift (Pakistan) for creating over 1 million fake profiles to harvest personal and professional user data.
- Tactics:
- Automated account creation
- Mimicking human behavior to evade LinkedIn’s defenses
- Industry Context:
LinkedIn’s new focus follows a previous legal loss with HiQ Labs over scraping public data; the company is now targeting fraudulent identities rather than public content access.
- Risks:
- Scams
- Spam
- Identity theft
- Legal Inefficacy:
Despite lawsuits, scraping services continue to operate, highlighting the challenge of enforcement.
- Notable Quote:
“The scraping industry isn't slowing down and the legal system may not be catching up.” – Jim Love [04:28]
3. Clop Ransomware Gang’s Oracle E-Business Suite Attack
[04:41–06:41]
- Attack Details:
Multiple companies with on-premises Oracle E-Business Suite installations were compromised. Ransom demands reach up to $50 million per victim.
- Exploitation Method:
- Compromised email accounts
- Abused Oracle’s password reset process
- Scope:
Possibly widespread due to a shared vulnerability.
- Oracle’s Response:
Cloud infrastructure unaffected; attack limited to customer-managed deployments.
- CISA Recommendations:
Step up asset monitoring, port control, software updates, and privilege restrictions.
- Notable Quote:
“When credentials fail, the fallout can reach the tens of millions.” – Jim Love [06:27]
4. AI Tools Emerge as #1 Channel for Corporate Data Leaks
[06:41–09:40]
- Research Findings:
- LayerX report: GenAI apps, mostly ChatGPT, are the main avenue for data exfiltration.
- 45% of employees use GenAI at work; two-thirds do so on personal accounts (non-corporate).
- Leak Mechanisms:
- 77% of users paste content directly from emails or documents into AI prompts.
- 40% of uploads contain sensitive, regulated data (PII, PCI).
- Authentication Blind Spot:
Most AI tool use is via unfederated, personal logins, leaving IT with no oversight or mitigation ability.
- Security Implication:
Lack of official, safe AI use means employees resort to shadow IT, increasing risks.
- Recommended Approach:
- Don’t “become Dr. No”—employees need approved, secure ways to use AI.
- Federate logins and monitor AI app usage.
- Notable Quotes:
“If employees don't get safe, approved ways to use these tools, they'll just find their own. And that's often the greater risk...” – Jim Love [09:27]
“The reality is, the data isn't leaving through attachments or malware. It's being walked out through the keyboard.” – Jim Love [09:36]
Memorable Moments & Quotes
- On North Korean Crypto Thefts:
“That's roughly 13% of the country's GDP.” – Jim Love [00:27]
- On LinkedIn Fake Accounts:
“The group used automation and fake identities to mimic human behavior, bypassing LinkedIn security systems.” – Jim Love [03:27]
- On Corporate Data Leaks:
“77% of employees paste information into AI prompts directly, often copying from documents or emails.” – Jim Love [08:19]
Important Timestamps
- 00:03 – Episode introduction and news highlights
- 00:23 – North Korean crypto theft update
- 02:46 – LinkedIn’s lawsuit details
- 04:41 – Oracle E-Business Suite ransomware attacks
- 06:41 – AI tools as the leading data leak vector
- 09:27 – AI policy risks and practical advice
- 09:36 – “Data walked out through the keyboard” insight
Summary
This episode underscores the rapidly evolving threat landscape: North Korean hackers’ pivot, the arms race over data scraping, surging ransomware demands, and the silent but massive risk of AI-driven corporate data exfiltration. Jim Love’s key message: awareness and basic security hygiene are more vital than ever, but companies must also adapt policies to today’s realities—especially as AI use becomes ubiquitous and risky if unmanaged.
