MM-ISAC Blog

A Cautionary Note on Sensationalism in Cyber Security Headlines

Written by Cherie Burgett | Sep 8, 2025 6:00:00 AM

This month’s focus is on the importance of double-checking the work of security researchers and the headlines written about it. We live in a fast-paced news cycle and a rapidly changing threat landscape, driven by the geopolitical climate and advances in technology, particularly in AI. There is a rising trend in articles and research papers that report opinion and speculation as fact. As with traditional news media, challenge and question everything, because threat researchers and cybersecurity journalists sometimes get things wrong.

Researchers stirred considerable buzz when parts of their proof-of-concept code were discovered on VirusTotal, featuring the first-ever AI-powered ransomware. The researchers did state, however, that the malware does not work outside of lab conditions. They also did not jailbreak the OpenAI models to create the code, suggesting that threat actors may be closer to making and using AI-powered ransomware.

A second example is a technical report written about a previously unknown Russian threat actor targeting an oil and gas company in Kazakhstan. The company published a press release stating that the attack was a training exercise and that the relevant stakeholders were notified in advance. This story appears to have far more “evidence” of an attack because of the realistic use of IOCs. When creating these types of training exercises, it is good practice to clearly label the created materials and observables as support for a crisis exercise.

The final example to approach with skepticism is the set of articles relating to China’s Great Firewall outage. Many articles speculate or publish opinions without sufficient evidence to suggest whether port 443 was blocked for 74 minutes by mistake. However, a great deal of information can be gleaned from people’s reactions and behaviors during and after the outage.

In summary, approach intelligence reports and articles with a healthy amount of skepticism and double-check each other’s work. If something sounds off, pulling those threads can lead to interesting conversations and lessons to learn.