Monday, November 25, 2024

Amazing.....the AI effect: Nearly 1 Billion Threats a Day

I have to pass on this piece from today's WSJ.  Makes me increasingly wonder when all of my financial savings held in electronic form in the cloud might vanish.....

*********

AI Effect: Amazon Sees Nearly 1 Billion Threats a Day

Amazon.com says it is seeing hundreds of millions more possible cyber threats across the web each day than it did earlier this year, a shift its security chief attributes in part to artificial intelligence.

Just as criminals have embraced AI, Amazon has turned to the technology to drastically scale up its threat-intelligence capabilities.

The company, given its presence online, can now view activity on around 25% of all IP addresses on the internet, it says, between its Amazon Web Services platform, its Project Kuiper satellite program and its other businesses, giving the company a sweeping view of hacker capabilities and techniques.

Amazon’s chief information security officer, CJ Moses, spoke with The Wall Street Journal on how the company is approaching threat intelligence in the AI era.

Prior to his current role, Moses ran security for Amazon Web Services, its cloud business, and before that investigated cybercrime at both the Federal Bureau of Investigation and the Air Force Office of Special Investigations.

Moses outlined how the company has built specialized tools using AI such as graph databases, which track threats and their relationships to each other; how that information has uncovered threats from nation-states that haven’t historically been known to have extensive cyber operations; and how its tools trick hackers into revealing their tactics.

He also discussed Amazon’s recent work with the U.S. Justice Department in taking down the platform used by cybercriminal group Anonymous Sudan to launch attacks on critical infrastructure globally.

This interview has been edited for length and clarity.

WSJ: How many attacks are you seeing these days?

C.J. Moses: We’re seeing billions of attempts coming our way. On average, we’re seeing 750 million attempts per day. Previously, we’d see about 100 million hits per day, and that number has grown to 750 million over six or seven months.

WSJ: Is that a sign hackers are using AI?

Moses: Without a doubt. Generative AI has provided access to those who previously didn’t have software-development engineers to do these things. Now, it’s more ubiquitous, such that normal humans can do things they couldn’t do before because they just ask the computer to do that for them.

We’re seeing a good bit of that, as well as the use of AI to increase the realness of phishing, and things like that. They’re still not there 100%. We still can find errors in every phishing message that goes out, but they’re getting cleaner.

WSJ: Are you applying AI on the defensive side as well?

Moses: When you have a large-scale environment, you need a large-scale system. We’ve created what is essentially a graph database that allows us to look at billions of interactions across the environment. That identifies, through machine learning, the things that we should be concerned about, and also the domains we’re seeing that could be problematic based upon past history as well as predictive analysis.

WSJ: What are the other ways you’re learning about hacker tactics?

Moses: Probably the most interesting is MadPot. This is essentially a network of honey pots throughout our environment, which we use to glean intelligence from those that are acting on them. So, you have a bunch of semi-vulnerable systems that are presented in different ways, the threat actors act upon them, and then you can learn from their actions.

Once you become smarter, then you can look back at the data that you had from before and say: “Wait a second, we can determine that at this point in time we were seeing these interactions with these systems that now make sense to us.”

Pulling all that information together then gives us, in some cases, attribution.

WSJ: What have you learned from all this?

Moses: We’ve definitely seen an increase of activity globally from threat actors over the last year, or even less. In the last eight months, we’ve seen nation-state actors that we previously weren’t tracking come onto the scene. I’m not saying they didn’t exist, but they definitely weren’t on the radar. You have China, Russia and North Korea, those types of threat actors. But then you start to see the Pakistanis, you see other nation-states. We have more players in the game than we ever did before.

Nation-states that haven’t been active in this space now realize that they have to be, because all of the big players are. That means that there is more activity, there are more threats, there are more things we have to look for, unfortunately.

WSJ: Amazon was recently credited with providing assistance to the Justice Department in an operation that seized hacking tools belonging to Anonymous Sudan. How are you finding cooperation with the government on threat intelligence today?

Moses: It’s working out, it’s better and better, which is a great thing. There were points in time where it didn’t work in the past. Now, we have a lot more people like myself that have been in the government, and are able to speak the same language, or convey the right information so they can be more effective in their jobs.

We worked very effectively together on that particular case. It was a really good example of those of us that have been there knowing exactly what things need to be tied up in a bow, to hand off to the right people, so they could actually do something about it.
