Transcript
A (0:03)
North Korean hackers shift tactics, targeting wealthy crypto holders. LinkedIn sues a Singapore firm for creating 1 million fake accounts to scrape user data. The Clop ransomware gang demands up to 50 million per victim in a coordinated Oracle breach. And new research says AI tools have become the number one channel for corporate data leaks. This is Cybersecurity Today, and I'm your host, Jim Love.

North Korean hackers have found a new way to fund their regime: by going after wealthy individual investors. Blockchain analysis firm Elliptic reports that hackers tied to Pyongyang have stolen more than US$2 billion so far this year. That's roughly 13% of the country's GDP. Western security agencies say much of that money helps pay for North Korea's nuclear and missile programs. Groups such as Lazarus Group are now focusing on crypto-rich individuals who lack the layered defenses of the big exchanges. They use spear phishing, fake investment apps and malware-infected trading platforms to drain personal wallets, attacks that are hard to trace and rarely disclosed. At the same time, investigators say North Korean operatives are still posing as remote software developers to infiltrate legitimate tech firms and move stolen crypto through corporate channels, a scheme that's helped them evade sanctions for years. Elliptic's chief scientist Tom Robinson warns that many of these thefts are underreported, so the real totals could be even higher. The message is clear: if you hold digital wealth, you're now part of the threat landscape. Protect it with hardware wallets, cold storage and multi-factor authentication. And if you're a company, continue to exercise vigilance in the use of any remote workers.

LinkedIn is taking a new approach in its fight against data scraping. This time it's targeting fake accounts. The company has filed a lawsuit in California against a Singapore-based firm called Pro API, accusing it of creating more than 1 million fake profiles to collect personal and professional data from real users. But Pro API isn't acting alone. LinkedIn is also naming a Pakistan-based technical enabler called Netswift as co-defendant, alleging they helped build and operate the scraping network. The suit claims the group used automation and fake identities to mimic human behavior, bypassing LinkedIn's security systems to harvest massive amounts of user data. The move marks a shift for LinkedIn. After losing an earlier court battle with HiQ Labs over scraping public data, it's now focusing on the use of fraudulent accounts, an area where it feels the courts might be more sympathetic. LinkedIn says that the operation undermines trust and opens users to scams, spam and possible identity theft. But despite the lawsuit, Pro API's website still advertises its data access services as live and available. It's a reminder that the scraping industry isn't slowing down, and the legal system may not be catching up.

A coordinated ransomware campaign targeting Oracle's E-Business Suite is hitting some of the world's biggest companies, and the ransom demands are staggering. The attackers, linked to the Clop ransomware gang, have reportedly infiltrated multiple organizations running the on-premise version of Oracle's enterprise software. Executives began receiving ransom demands on September 29, with some reaching as high as $50 million US, that's per victim, according to cybersecurity firm Halcyon, which is helping to investigate. Investigators believe the hackers abused compromised corporate email accounts and exploited the password reset process to gain valid credentials for Oracle's E-Business Suite portals. That simple but effective tactic may explain how so many installations were compromised so quickly, but it also raises some questions about whether a shared vulnerability exists that connects these cases. Oracle says its cloud infrastructure wasn't affected, since the E-Business Suite runs on customer-managed services. Still, the scope and size of these ransom demands make this one of the most significant extortion campaigns of the year. CISA has urged organizations to step up basic security hygiene: take inventory of all assets and data, distinguish between authorized and unauthorized traffic, monitor network ports, install software updates promptly, and grant system administrator privileges only when absolutely necessary. Because, as this campaign shows, when credentials fail, the fallout can reach the tens of millions.

Finally, new research says that the biggest leak in most companies isn't email or file sharing anymore. It's AI tools. A study by LayerX, reported by The Hacker News, finds that generative AI apps have become the number one channel for corporate data exfiltration. And it isn't sophisticated malware doing the damage. It's ordinary use. 45% of employees are using GenAI, mostly ChatGPT, and 2/3 of that activity happens on unmanaged personal accounts where security teams have zero visibility. The leak paths include both files and text. 77% of employees paste information into AI prompts directly, often copying from documents or emails. Text-based entries, uploads and even paraphrased content expose regulated data. In fact, the report found that about 40% of those uploads contain personally identifiable information (PII) or payment card information (PCI), data that's legally protected in most jurisdictions. And there's another blind spot: authentication. The vast majority of AI users are using logins that aren't federated, meaning employees are using personal credentials that corporate IT can't monitor. If those AI and business accounts were federated, tied to the company's identity system, security teams could at least see what's being accessed and flag risky behavior before data left the organization. And that's why experts warn against becoming Dr. No when it comes to AI. If employees don't get safe, approved ways to use these tools, they'll just find their own. And that's often the greater risk, because the reality is the data isn't leaving through attachments or malware. It's being walked out through the keyboard.

And that's our show for today. You can reach me with tips, comments, or even constructive criticism. If you like, you can reach me at technewsday.com or .ca. Use the Contact Us form. If you're watching this on YouTube, just drop me a note under the video. I read them all. I'm your host, Jim Love. Thanks for listening.
