Alright. Hey there. Good morning. Good afternoon. Good evening, everybody. Thank you for joining us on this Wednesday for the discussion of our twenty twenty five threat report.
We're really excited to kinda dive into this and show you what we learned about the twenty twenty four year in review and what we expect in twenty twenty five and beyond. My name is Wyatt Bond. I'm the product marketing manager here at Deep Instinct. I'm gonna be your host to kick off this webinar, and then I'm gonna turn it over to some of our experts.
Joining me today are Brian Black, Deep Instinct's VP of cloud technology and ecosystem, and Ivan Khosroev, one of our incredible threat intelligence researchers.
Before we start, we're gonna take a quick look at the agenda, and then I'm gonna hand the reins over to, Brian and Ivan to take you through some of the really interesting things we learned from the last year.
To begin with, we're gonna talk about the rise of dark AI.
Super interesting stuff there, about the way that criminals are utilizing different AI models to generate malware and empower their attacks.
From there, we're gonna move into talking about ransomware. Obviously, it's something that is on everybody's minds these days. And we'll talk about ransomware as a service and how that's growing, how much of, the cybercrime they're responsible for, and what some of the biggest players in that space are. And then finally, we'll talk about cybersecurity in twenty twenty five and beyond. And this is where our experts really shine. What's gonna happen through the rest of this year? What's gonna happen next year?
So on and so forth. So it's gonna be a really interesting discussion. And then at the end, we're gonna take your questions, try to provide answers where we can, and hopefully set you up for success in the coming years.
So let's move right into it. I'm gonna turn it over to Brian now.
Thank you. So we definitely wanna start with the rise of dark AI. When we think about the trends that we're looking at both in twenty twenty four and twenty twenty three, twenty twenty five, twenty twenty six, etcetera, as we move on, this is probably going to be the largest threat vector that we're going to encounter simply because of how easy, ransomware and malware in general is now to create.
So when we think about dark AI, we have to first, well, define it. And we define it as artificial intelligence systems designed or used for harmful, unethical, or malicious purpose.
There's a lot of LLMs, large language models, that exist. There's SLMs, small language models, that exist, sub fifty billion parameters, we'll say. And then, of course, you have the ChatGPTs of the world that are north of a trillion parameters. So it really comes down to what are the ethical barriers? What are the moral guidelines of the LLM? And if you remove those, what is it actually capable of? And that's really what we see now.
In fact, that third bullet point really strikes, strikes with me because a twenty twenty four study from the University of Indiana showed that there were thirteen thousand, greater than thirteen thousand dark AI models available on the dark web. But you really don't have to go to the dark web to find these types of models as you're gonna see in a couple slides.
It's actually well over fifteen thousand models now that are available. And as you can see in their study, in their research, ninety three point four percent were capable of malware generation and greater than forty percent capable of producing phishing emails. And this is where we start to see that kind of ramp up of these types of attack vectors.
And this is why organizations today, at least in conversations that I've had with them, have said that it really feels like the threat actors are supercharged. And this is kind of the prevailing belief from a lot of CISOs that I've spoken with. And their SOC teams are simply overwhelmed. Deep Instinct did a SOC report last year where it showed just a staggering level of individuals that were burned out, tired, really stressed out from trying to manage this huge volume of attacks. And this is why we have to start leveraging this idea of AI against AI, fighting fire with fire, if you will.
And the trends are obvious.
When we rely on detect and response, we're letting the thing happen. It's a presumed breach mentality. And if we're looking at, you know, signature based, reputation based, or even the traditional ML of the past ten years, it simply can't keep pace. When we're talking about some of the dark AIs that are available from you see three examples up there now. You're going to see more, a little bit later.
But this has really been a challenge, and this is why we're starting to see SOC organizations essentially get to a point where they are overwhelmed and they can't continue to keep up. And that's a problem that I think everyone is dealing with right now.
All organizations across really every vertical from financials to health care, manufacturing certainly is experiencing as well as we start looking at, disruptions in, supply chain, which have been much more prominent simply because if we kinda think about it as threat actors a lot like a lot like water. Right? They they go to the to the weakest point. They're always going to flow the point path of least resistance to to get where they're trying to get to. So when we've hardened the exterior, when we've hardened the endpoint, they're now looking at storage. They're looking at cloud storage or on prem storage in NAS environments. They're certainly still ramping up their phishing capabilities, and we're gonna talk a little bit about that shortly.
But as a result, that risk exposure continues to grow as we moved throughout twenty twenty four into twenty twenty five and as we ultimately move into, the next coming years because they're just they're simply empowered by these tools now. And, it's led to a a huge divergence in what we're able to stop or were able to stop when we were using these much more traditional approaches, ML, AV, reputation, EDR, things like that. The kind of approaches of the past decade simply don't work today, and we're seeing that in the number of threats that are increasing.
And when it comes to some of the ones that are available, and Ivan can certainly give some context around this, but a few that we've seen, WormGPT, HackGPT or PentestGPT, freedom, poison, stopwatch, and of course, you have the Ollama framework.
This is kinda cool from an intellectual perspective in the sense that you can install Ollama. And from there, you can install any number of uncensored LLMs that are available. I've been, you know, experimenting with Llama 2 uncensored, and it's command line, but it is an LLM that will respond without ethical boundaries, without any type of moral basis, etcetera. And it's also important to point out that not all of these are found on the dark web where it might be difficult to get to or you have to, you know, pay a shady organization with Bitcoin.
The Ollama framework can be downloaded from, you know, GitHub or Hugging Face. The various LLMs that are available out there are available that you can install within the Ollama framework are available on GitHub or Hugging Face.
And this is, I think, really important is that when we start talking about the democratization of malware, no longer do we have to, you know, browse through the dark web to find some of these tools. They're available on Google, and they're easy enough to, they're they're easy enough to to to find in that regard.
And with that, I know, Ivan, you have a very interesting and unique perspective.
Would you mind jumping in when it comes to the capabilities of some of these dark AIs?
Yes. Yes. So, like you said, there are, the all the, malicious models themselves and also an interesting, way to work with them that you can, start with the one of the malicious ones. And if it's not, capable enough or it doesn't have enough, enough, training data or the LLM itself is not good enough, you can stop there and then use, a regular, open like, one of the legitimate legitimate, LLMs to, refine your scripts, fix bugs, help you make it more stealthy, cause it more obfuscation so you can bypass, various security solutions.
There are security guardrails in the regular LLMs like ChatGPT and the rest of the open source LLMs or closed source LLMs. But once you have, starting, starting malware, you can use them, like, to enhance their abilities. So you can, combine. And, also, apart from that, as you can see, my team here, we we try to develop, like, to do the full attack, from reconnaissance regarding the cell certain organization.
Let's say you have an organization in mind and you want to attack it. You can get a lot of information using the LLM and also combining your own, abilities to try to collect as much information as you can, like, maybe from, different sources like, you know, LinkedIn. And you get the information from there. You use the LLM to write you a very specifically crafted, phishing email that you can use to to then attack that organization.
And, also, because of these LLMs have, their writing skills are way higher. So it enables, people with low, English skills and low, technical skills to be able to upper their their game significantly and have we have an example of it in the in the next slides.
So here you can see the full attack chain from reconnaissance, weaponization, you can get shell codes or, like, payloads that you can insert in your attack.
And then the delivery, exploitation, installation, all of those, all of those, points, you can use LLMs to help you. Even to the point of we you can use the LLM to drive. Let let's say you're you infiltrated the system and you want to get commands, like, to understand how to laterally move to other computers and deploy your ransomware. You can actually get the LLM to write you all the commands that you would need to execute to get into those next systems.
My, other team member, he he actually left the computer with an LLM to try to execute commands in the Linux computer, and he saw that, the LLM wanted to get certain packages. And after he he got to his computer after leaving it for a couple of hours, he discovered that the LLMs started to download various packages, doing LS and traversing to the directory structure. It was pretty scary, actually.
It's he started to do it all by himself.
So, yeah, the the potential for, for this is amazing. And I want to also, say a couple of things here.
Here. I wanted to jump a bit, for a photo.
Yeah. Also Before before you jump in real quick, I think the two things that I wanna emphasize that you just said that I think is really important is the first phishing expertise.
It wasn't that long ago that we could, identify a phishing attack. Bad grammar, idioms that weren't used in in local conversation of the area that was being attacked or the company that was being attacked. Poor spelling was obviously the easiest one. We've all, you know, made those jokes and, over the over the years that we've seen the same bad spelling over and over again.
All of that has vanished today, simply because now if I wanna target a specific industry, if I wanna target a specific region of the world, a specific language, I can use local idioms. I can call out local sports teams. And as Ivan mentioned, I can do my reconnaissance to see, you know, did you just go to the latest soccer game, football game, baseball game, etcetera?
I can determine, you know, what your passions are from LinkedIn. Do you list fishing? Do you list boating, skiing, something to that effect? And I can hyper target my attack per individual, individual by individual across an entire organization.
And I think that that's important because it makes it a lot harder to tell. As humans, we rely on our ability to kind of detect nonsense and and be able to look at something and say, this this doesn't feel right. And a lot of these tools are making that a lot harder. And I also really like what you said about, you know, using legitimate LLMs to optimize things.
I see this every day in kind of playing around and writing code and working with some of these dark AIs. They don't often produce, you know, perfect code. There's been a number of times when I've written, you know, what I felt to be really specific and comprehensive prompts, and some of these dark AIs have delivered what looked like fantastic code. If I take that same prompt and drop it into ChatGPT, it says there's no way in heck I'm gonna help you, you know, develop this.
But if I take the code and drop it into ChatGPT, and I say, hey. Can you point out all the flaws in this code or can you make it more advanced? It has no problem helping you. It will say, absolutely.
First of all, you know, your decryption key can be identified from the string, so let's obfuscate that. You're using a weak form of C2 callback here. We can, you know, run it through a Tor network maybe, and we can make it a lot more obscure to identify or difficult to trace. And then when you say, hey.
Those are some great suggestions. Would you mind rebuilding the code with your suggestions? It says absolutely can help. And it will produce that.
And, you know, ChatGPT is a very impressive coder, so it will turn out far better work than some of the dark AI. But the dark AI can get you started on that path.
Yeah. Yeah. It's a great, bypass for, all the security guardrails.
And here, I wanted to, bring your attention to, one of the, AI powered malware that we discovered and also other, people, published about them. And this is a suspected Russian group of kids.
They use a lot of swear words and angry and racist comments, and we we discovered they look like, regular script kiddies. But the thing is that they are AI powered script kiddies. So what do you see that they have they claimed over eighty five victims.
It was the top, ransomware group for December of two thousand twenty four. And, it's this is an amazing example of how, a bunch of kids took the power of various AI tools and were able to up their game significantly and became a serious threat and a serious, player in the ransomware, in the ransomware groups.
So, most of them are, inexperienced, and they also, demand the relatively low ransomware.
So I I imagine that they got a lot of their ransomware demands.
And Interesting.
I, and I'm glad you used that word script kiddie just now because we're starting to see the early stages of return to the nineties, if you will.
Back in the nineties and early parts of two thousands, there were certainly a lot of script kiddies. These were individuals who they themselves could not write code. They themselves did not understand how to exploit different vulnerabilities.
But what they could do was run someone else's code, and they could run it really well. And many of them compiled very vast and very impressive libraries of other people's code that they could use to attack various organizations.
That has largely gone away over the past ten to fifteen years simply because the defenses we had in place, you know, powered by machine learning, powered by EDR was very good at stopping the amateur. They certainly struggle to stop the professional. That's why we start to see the rise of those APT groups that we're all familiar with and the rise of professional threat actors.
But now that we see a whole new group of individuals being powered by dark AI, we are kind of returning to that era of the script kiddie where they themselves cannot, you know, develop code from an instruction perspective, but they can do it from an intention perspective. They can outline to an LLM what they want to accomplish.
And through massaging of that prompt and through, you know, massaging of the code itself when it's ultimately developed for the first time, they can get something that's that works and is destructive.
But keep in mind that they're not after, you know, Bitcoin. They're not after that type of of reward because quite frankly, they don't know how. Not to say they don't understand how cryptos work. I I'm sure they do.
But they have no idea how to receive it and keep it hidden from the FBI. They have no idea how to move it. They have no idea how to withdraw it into a local currency. Those are just skills that they don't possess when it comes to avoiding, you know, global law enforcement.
So as a result, they look for pure destruction. They look to get their name in the news. They want, some news organization to say x y z company was taken offline by a threat group, all data destroyed, and they went back to pen and paper.
That's a huge rush for a lot of script kiddies. We saw it, you know, back in the days when Anonymous, if you all remember them, when they were very prominent, they weren't ransoming. They weren't requesting money. They were simply taking sites offline knowing that the news was going to report on every one of them, and that's where they got that thrill from. And powered by dark AI, we've kind of seen a return to that. More and more code that we're finding on the Internet has no purpose for ransom. Its purpose is destruction.
They want to get their name repeated on the news cycle as often as they can. So powered by dark AI, there's a whole new classification of threat actors rising that we haven't had to deal with in a very long time simply because the tools that we were using of the past, reputation, you know, traditional ML, EDR, those tools were at the time good at stopping the amateur. But now the amateurs are empowered by a lot of these tools that, you know, as Ivan's mentioned a few times, have up-leveled their capabilities dramatically.
And that's when we start getting to the trends, if you will, of of ransomware.
The scary part that we're showing in the report is the thirty percent increase in overall global cyberattacks as of Q2 twenty twenty four. This is really important because one of the kind of depressing, scary things that I've seen throughout my career is the amount of spend that companies are doing to stop attacks continues to climb every single year. Every organization is constantly requesting larger budgets, though not always getting it. But overall, the spend continues to increase because where there was a time we just needed those, you know, big solid firewalls, then we started needing the endpoint and then we need to protect cloud, and then we've got the IoT devices that we have to worry about.
The BYOD devices when it comes to, you know, individual cell phones and smartphones that can receive email or, you know, sign DocuSigns or something to that effect. The landscape and the threat vector continues to grow. Spend continues to grow. But I always look at it and I say, if spending all of this money worked, we wouldn't see a constant increase in attacks year over year.
Yet, unfortunately, for the past twenty years, that's exactly what we've seen. Every single year is more detrimental than the year before it. So there's no end game to the spend. No organization out there has infinite money or infinite resources.
You simply can't hire enough humans. You can't spend enough money, and the threat actors continue to advance. And I think this is really important because it means that we have to start approaching this problem in a fundamentally different way. We can't keep trying to brute force it through responding to these attacks.
We have to stop them as quickly as possible. We have to be preemptive about it as you're gonna see Gartner say.
And we also have to take a look at the verticals that are being attacked because there was a time when organizations went after the financials, because they had a lot of money and they tended not to want the problems, not to want the publicity, they tended to pay and move on. Those days are over. We're now seeing attacks more or less uniformly.
And this is true, amongst all, cyber reports from a variety of companies that I've read. We're seeing these attacks more uniformly across all verticals.
I will never forget a conversation I had, back in the teens, when I spoke with the company and the response was, look, I get it, but we just sell hammers.
And he's like, we're we're never gonna be a target. That company has since been compromised twice, in in the past four years. And I think this is important because there is no one safe. And, unfortunately, you're gonna see example of that shortly.
And we're as we talk about ransomware as a service and why these attacks are becoming so prominent.
The United States is still the major target when it comes to these types of, these types of attacks. Although, the the one statistic there on the right, I think, is worth pointing out that, France did report a larger percentage of organizations affected by ransomware at seventy four percent. I want everyone to think about that number real quick.
Three quarters of French organizations have been hit by ransomware.
Not all successfully in the sense that they had to pay or the data was was not able to be recovered.
So the threat actors did not have a one hundred percent success rate, but that is a heck of a target, target rich environment that they're going after. But when it comes to just raw numbers, the United States leads the charge when it comes to organize the sheer number of organizations being hit. And it should come as no surprise that q four is the most dangerous time. Why? Because the United States is essentially in its buying season. Credit cards are heavily in use.
Companies are performing transactions at an absolutely voracious rate. And as a result, a lot of people are overwhelmed.
There's a lot of people who, are are are trying to take time off, for the various holidays. And as a result, there's less individuals to oversee a an increasing threat factor or an increasing, target rich environment.
So that makes it a little bit challenging. So q four definitely is the most dangerous time when it comes to ransomware attacks.
Another big challenge that we tend to have is at this time, uptime is more important than anything else for organizations.
Many of you listening on this, webinar, have freezes during this time. You have network freezes during this time. So as a result, you can't put anything new into the network. You can't update certain things, and to get anything done is, is very difficult.
Threat actors know this. They are aware of our modus operandi. They know how the United States businesses operate during this time. So as a result, they know that if they can launch a sufficiently impressive or disruptive enough campaign, it's difficult to make the changes because all the business is thinking about is uptime, uptime, uptime.
We must be available for the customers during this period.
And as a result, the threat actors know that US businesses' ability to respond, becomes diminished during this time period.
And as we see just over the last three years, it continues to climb.
This is something that I mentioned where, we have to constantly be cognizant of the fact that the threat actors do not rest on their laurels. And if you think, you know, hey, we all the threats of last year, we could have stopped, you know, with what we had. Are you prepared for the threats of today? Because we have to think in terms of the threat of today because that's how quickly it's moving. And I think that that's something important that we need to think about.
Ransomware as a service is absolutely fascinating to me. I'm gonna let Ivan kinda take us through the next couple slides. But what I think is interesting here is that the threat actor has gone professional.
They, they've learned how to distribute their capabilities to the point where now no one individual group within the entire service platform is performing the attack. You have data brokers. You've got the actual threat actors. You've got third party negotiators.
And if all of these reside within different groups within different countries, it makes it much harder for law enforcement. But, Ivan, would you mind taking us through what you've seen?
Yes. Yes. So, because, most of the hard technical work was done already by the threat actors themselves, the malicious malware developers, and the all the operation behind it, like the infrastructure and and the tools. And, because of that, they can there a lot of more people could use, these tools to attack, various organizations. So, they, ransomware as a service models, have, four common, revenue models that, like, like, a monthly subscription, affiliate programs that, twenty to thirty, percent of their ransomware goes to the developers or just, profit sharing, just, even split or one time purchase. So you these days, attackers everyone can just use these services if you have enough money to stop the operation or even he hasn't any money. You can you can just get into it if, usually, it's the attacker himself and the ransomware developers are doing different kinds of responsibilities.
So the attacker himself needs only to infiltrate the system in some way. So he can buy some credentials in the dark net, or he can just, use only, social engineering and phishing to be able to infiltrate the system, from the initial stage. And from there, once he deploys the ransomware, he doesn't need to do anything for the back end. So he only needs, I imagine, some, cryptocurrency wallets and stuff like that. Apart from that, I think it was it's, it's dealt with the, ransomware operators from there. So, the negotiations and the infrastructure for that is from the, ransomware, the, from the ransomware as a service, service.
Before before you move on, you you just said something that, made made me smile a little bit because I I wasn't aware of that.
Did you say monthly subscription?
Do I do I have my Hulu, subscription to to pay for this?
Yeah. They also I I heard of, instances where they just take a monthly subscription and you get all the service and you just need to deploy the, ransomware itself.
That's their play.
I'll definitely let Ivan speak to this as well.
But you're gonna hear something when we get into who the, who the target was, and I think it's it really emphasizes the the fact that these are the bad guys.
It doesn't matter how professional their organization is. It doesn't matter how, you know, honorably they may or may not deal with you.
The fact is they are the bad guys. And if you think I won't be a target because I'm x.
Yes. You will.
Because they don't care who you are. They don't care about the organization that you run. They only care about were you an easy target and can you pay. Ivan, would you mind taking us through this example?
Ivan?
Okay. Just a moment.
It looks like, he's reconnecting. There he is.
There we go. Yes. Sorry. Sorry, Ivan. Would you mind taking a serious example?
Yes. Yes. So, if you can see in the in the screenshot here, the Akira ransomware group attacked, a rental group. Maybe it's one of its affiliates. We can't really know. But, there's a they attacked a homeless, women shelter, and, the the they said, like, we are a nonprofit, free service for who who, homeless women. This is a terrible thing.
Why why would you do that? Like, and I I kept reading it, and it was fascinating. They, like, they were forced to pay the ransom in in the end. They tried to lower to the to fifty thousand dollars, and eventually, the they negotiated and came to, hundred thousand.
And, and afterwards, the attacker sent a decryptor, deleted the files from their service, and didn't, how do you say it? Didn't, like, leaked all the information.
And, and also they gave them, pretty good, tips to be safe from other ransomware groups. So I I hope they, they implemented all the advice that the group, told them and also explained how they infiltrated their system, how they use the reused, various credentials that, they they found.
And, yeah, that's, there's countless of these negotiations that you can read and I read a couple of them. It's interesting to see how they will they, they actually stole all the emails and they were able to understand the financials of the company in order to give them a ransom demand that they believe they believe they can pay. So they each each victim got a different offer. The offer, it was based on the information they stole, the financial information they stole after infiltrating the system. So it's scary. They they have pretty, intimate knowledge of the company after leaking all that information.
Wow.
That's brutal.
And, of course, there's a number of groups out there.
How many do we know that that we have tracked or how many do you know that, that operate?
Wow. There are countless, but, let's say, like, the the main ones, these days, the check the the the main ones are LockBit, RansomHub, this, Dispose, Esso, Play, Hunters International. These are the top ones that have huge numbers of attacks, and they get the I remember from the previous group, Conti, they had, like, two million, dollars a year of revenue or just income may maybe yeah. You can call it revenue.
So, yeah, it's like, and also I wanted to say a couple of things regarding, Conti.
The group, also the the Conti leaks, showed us a lot of, intimate information about the group itself. Also, how they talk to each other and also how they resemble, a regular high-tech group, a high-tech company. Like, they have HR, they have fun days, they they have, technical support, and and they also even buy security products in order to test their malware against them. So that was fascinating for me to see how, they have their own chat channels that they talk to each other, and it's it's very similar to a high-tech company. I was shocked to see that.
Alright. Now it's good to see threat actors coming into the twenty first century. Do wait. Is that good? Do we wanna see that? I don't wanna see that.
The less advanced they are, the better. Alright. So that leads us to what's next. What can we kind of quote unquote look forward to if you will?
So the first challenge that we've seen is that cybersecurity providers themselves are not immune to attack. And it is true. In fact, they are often the target. This is something that we've seen ramp up over the last several years. Now I will say this: each and every one of the ones shown on screen handled the challenge that they had in an unbelievable way. They responded extremely quickly.
But it's important to note that any delay is that window of opportunity that threat actors exploit, and we know this. There are many, you know, attacks out there. There are many types of threats out there that may only exist for hours in the wild. But if you cast a large enough net, those few hours are all you need to be successful against a single organization or against a couple dozen. And if everyone is willing to pay that hundred thousand or a million or more, you run into some of these huge dollar amounts that these threat groups are able to pull in.
I mean, I believe the total number was, it exceeds a billion dollars last year alone. So a number of cybersecurity companies themselves are often the target and for a variety of reasons.
First and foremost, maybe they're too good.
And that sounds like a silly take or an odd take, but there are times, and we've actually seen this, where threat actors have gone after cybersecurity companies simply because they need to degrade their reputation in the market.
Simply so other companies won't purchase them because they've been, you know, pretty successful at stopping the threat actors. Sometimes threat actors go after cybersecurity companies simply to show that they can and that it's kind of attacking the castle, if you will. And saying, you know, you think you're safe and protected there, but you're not from us. So there's a number of reasons why these, variety of organizations. I mean, there have been dozens that have come under attack over the past several years. But cybersecurity companies will continue to be a very prominent target to a lot of threat actors.
And that brings us to preemptive security, a little converse, a little word that I hinted at at the beginning.
This is directly from Gartner. With the increasing use of generative AI by threat actors, hyper automated cyberattack prevention solutions are vital for neutralizing threats before they cause harm.
We at Deep Instinct, we couldn't agree more. That is the entire premise of the company. That is exactly what it is we do.
We are a preemptive security tool utilizing deep learning. Deep learning, of course, that same type of AI that has brought us the tools that threat actors are using today. That's why when we say fight AI with AI, that's exactly what we mean. The old ML models, feature extracted models, they simply don't work anymore. We have to enter into a deep learning world because that is exactly what you are being attacked by. And I think that that's important.
This idea that we can, you know, detect and respond, and you see there on the right, constantly evolving threats are challenging traditional detection and response strategies. Of course, they are. They can be mutated too quickly. They can be too focused on a specific attacker. As Ivan mentioned, a tremendous amount of reconnaissance can now be done on a target.
We saw a piece of malware not that long ago that specifically targeted an individual EDR vendor by going after shadow copies, knowing full well that that is the technique or one of the techniques that that particular vendor utilizes to roll back from threats.
It's getting easier for threat actors to target specific models, specific ML models, simply because they're largely static.
DL models are very intuitive.
That's how, you know, ChatGPT works. It is a deep learning model. That's how self-driving cars work. They are deep learning models, and that's why they have the ability to react so fast to zero day events like an animal running onto the middle of a street or rounding a corner and a tree might be across the road that was never there before. To that model that's in self-driving mode, that's a zero day tree, and it has to react to that in milliseconds to keep its passenger safe. And that is exactly what, you know, Deep Instinct does utilizing deep learning. We react in milliseconds to keep our customers safe in an ever evolving landscape.
And that's what deep learning does. And I think that this is kind of important to talk about, definitely because the natural capability of deep learning is to always increase its efficacy while always lowering its failure rate just like a human does.
When everyone listening to this webinar was learning to speak a first or second or third language or play musical instruments, you were terrible in the beginning. We all were. But through exposure and repetition, your efficacy started to come to a hundred percent, though maybe never achieving it. But your failure rate started to fall to zero percent, though again, maybe never achieving it. Lord knows I misspeak all the time.
So I think that that's important because deep learning does the same thing. Through exposure and repetition, its efficacy continues to climb while its failure rate continues to fall. And as a result, it simply understands the world that it's designed for. In self-driving car cases, it understands the visual world.
In our case, it understands binaries, both malicious and benign. And that allows it to have that type of capability to identify things in sub twenty milliseconds or, in many cases, sub ten milliseconds in order to stop a threat even if it's never seen that threat before. And it does it without sandboxing, it does it without signatures, it does it without any time delay or a need for a human to step in and help with that. And let me tell you, it's been a very welcomed respite in many SOCs around the world as they actually can take a look at prevention now.
And I think that that's probably a good thing.
But the key takeaways from the report, and I certainly encourage everyone to download the report, and I believe it's attached even to this webinar. But cyber attacks are going to continue to grow. Ransomware as a service groups will continue to grow in sophistication, and the ransoms are going to get bigger. Why are they going to get bigger?
Because you don't have a choice and they know you don't have a choice. Just like we saw within that nonprofit example, everyone on this webinar wants to say they would have done the right thing. Well, the right thing is not to attack them in the first place. But the point is if the bad guys know that they're going to win, they're going to press their advantage.
And we've seen that now for years and it's only ramping up. And dark AI, those LLM capabilities are absolutely being integrated into attacks. There is no question about that. We must have a preemptive strategy as we move forward throughout the twenty twenty five year and beyond simply because the threat actors can move quicker than we have been able to in the past.
And that's why adopting preemptive strategies is so important, utilizing the most advanced AI that's available in the market right now.
So I know we've got a number of questions in here. I'll kind of go through them. There are a few that I definitely want to address. And the first one is interesting to me. It's, how honorable are the hackers in negotiations?
I like that question.
The truth is it certainly varies. And, again, I always wanna emphasize, they are the bad guys. You are dealing with a negative entity here. So honorable, let's put it in quotes.
It is in their best interest to negotiate fairly and to negotiate in a way that leads to the outcome that you desire. I mean, the obvious outcome that you desire is pay nothing and give me the key to decrypt my stuff. But the truth is there's probably going to be a transaction here, and it's in their best interest to play fair simply because they want the next organization to play fair too. If they intend to be around for a long time like the LockBits of the world, then you're gonna have a pretty fair and honorable exchange with them even though it's completely unsavory.
With that said, if the threat group is designed for a couple quick hits, they come together real quick, they blast out some ransomware that they have, there's no guarantee that they're gonna do anything because they're looking for a fast couple payments. Maybe if they can grab a million bucks, million and a half from a handful of companies and then they deform and reform later down the road. The truth is you're never gonna really know. If you're dealing with the Akira groups of the world, the LockBit groups of the world, yeah, you can safely assume that if you pay them, they're going to get around to upholding their end of the bargain.
To be fair, that may take some time. I've spoken to threat actor negotiators in the past, and they've said that after the transactions have taken place and after the last communication is sent, they've sat around waiting for between six and ten hours for the encryption, decryption keys to show up. So it can be nerve wracking and it can be stressful. And I think that that's just the chance we take when we allow ourselves to be hacked in that way.
And another question that I like here: it kinda feels hopeless.
Not a question, but I understand the sentiment in the sense that it does kinda feel hopeless. But this is just part of the cat and mouse game that threat actors and cybersecurity professionals have been playing over the past forty years. At some times, they have an advantage. At other times, the cybersecurity experts have the advantage. The pendulum does feel like it is shifting a bit from the past ten years, but it's not without our ability to respond. And I think that's where Deep Instinct really shines in trying to get that pendulum back onto the side of the cybersecurity experts and the companies that we protect.
And then, do the LLM models found outside the dark web need libraries that can only be found on the dark web, or are there libraries available outside of the dark web? By and large, the models that you can download from the clear web are fully encapsulated. And the moment you get them into your framework, whether it's Ollama or something else, they simply work.
Certainly, the code that it creates may require dependencies of some type, but the models themselves tend to be fully encapsulated and tend to work out of the gate.
So in that regard, it's all available from the clear web. But, Ivan, taking a look at that question, are there any thoughts you have on that?
Yeah. Also, the dark AI models, the ones I saw were using Telegram. You just enter Telegram, you pay them the money, and they give you a bot that would be just like ChatGPT inside of Telegram.
Wow. Wow. So it's even getting easier to purchase them and interact with them on the dark web itself. You simply use Telegram again. Wow.
You have your little evil helper in your phone. Like, you just need to ask it.
Well, they certainly are getting professional.
That's depressing.
Okay.
Very good. I wanna thank everyone for attending this webinar. I hope some of the information in here was insightful or helpful in some way. And, of course, if you have any conversation that you wish to have with Deep Instinct about what we can do, by all means, please reach out to us. Wyatt, would you like to wrap us up?
Yep. As Brian said, again, thank you all for joining us wherever you are.
Always exciting time when the threat report comes out.
Exciting and, essentially, a little bit scary.
If you'd like to learn a little bit more about Deep Instinct, what we're doing, and how we are fighting the future here, you can request a free scan. If you check out our website, you'll see some links for that. We've also attached some different materials within the webinar page itself, so you can take a look through the threat report, through some of our blogs. And we'll be sending a follow-up email that will have the recording of this webinar so that you have access to it. You can show it off to whoever you want, and bring these insights to the other relevant people in your professional lives.
So that is it for us. Thank you all for joining.
Please feel free to reach out with any further questions, and we'll make sure an expert's around to answer them. Have a good day.