I have to pass on this piece from today's WSJ. Makes me increasingly wonder when all of my financial savings held in electronic form in the cloud might vanish.....
*********
AI Effect: Amazon Sees Nearly 1 Billion Threats a Day
Amazon.com says it is seeing hundreds of millions more possible cyber threats
across the web each day than it did earlier this year, a shift its
security chief attributes in part to artificial intelligence.
Just as criminals have embraced AI, Amazon has turned to the
technology to drastically scale up its threat-intelligence capabilities.
The company, given its presence online, can now view activity on
around 25% of all IP addresses on the internet, it says, between its
Amazon Web Services platform, its Project Kuiper satellite program and
its other businesses, giving the company a sweeping view of hacker
capabilities and techniques.
Amazon’s chief information security officer, CJ Moses, spoke with The
Wall Street Journal on how the company is approaching threat
intelligence in the AI era.
Prior to his current role, Moses ran security for Amazon Web Services,
its cloud business, and before that investigated cybercrime at both the
Federal Bureau of Investigation and the Air Force Office of Special Investigations.
Moses outlined how the company has built specialized tools using AI
such as graph databases, which track threats and their relationships to
each other; how that information has uncovered threats from
nation-states that haven’t historically been known to have extensive
cyber operations, and how its tools trick hackers into revealing their
tactics.
He also discussed Amazon’s recent work with the U.S. Justice Department in
taking down the platform used by cybercriminal group Anonymous Sudan to
launch attacks on critical infrastructure globally.
This interview has been edited for length and clarity.
WSJ: How many attacks are you seeing these days?
C.J. Moses: We’re seeing billions of attempts coming our way. On average, we’re
seeing 750 million attempts per day. Previously, we’d see about 100
million hits per day, and that number has grown to 750 million over six
or seven months.
WSJ: Is that a sign hackers are using AI?
Moses: Without a doubt. Generative
AI has provided access to those who previously didn’t have
software-development engineers to do these things. Now, it’s more
ubiquitous, such that normal humans can do things they couldn’t do
before because they just ask the computer to do that for them.
We’re seeing a good bit of that, as well as the use of AI to increase
the realness of phishing, and things like that. They’re still not there
100%. We still can find errors in every phishing message that goes out, but they’re getting cleaner.
WSJ: Are you applying AI on the defensive side as well?
Moses: When you have a large-scale environment, you need a large-scale system.
We’ve created what is essentially a graph database that allows us to
look at billions of interactions across the environment. That
identifies, through machine learning, the things that we should be
concerned about, and also the domains we’re seeing that could be
problematic based upon past history as well as predictive analysis.
WSJ: What are the other ways you’re learning about hacker tactics?
Moses: Probably the most interesting is MadPot. This is essentially a network
of honey pots throughout our environment, which we use to glean
intelligence from those that are acting on them. So, you have a bunch of
semi-vulnerable systems that are presented in different ways, the
threat actors act upon them, and then you can learn from their actions.
Once you become smarter, then you can look back at the data that you
had from before and say: “Wait a second, we can determine that at this
point in time we were seeing these interactions with these systems that
now make sense to us.”
Pulling all that information together then gives us, in some cases, attribution.
WSJ: What have you learned from all this?
Moses: We’ve definitely seen an increase of activity globally from threat
actors over the last year, or even less. In the last eight months,
we’ve seen nation-state actors that we previously weren’t tracking come
onto the scene. I’m not saying they didn’t exist, but they definitely
weren’t on the radar. You have China, Russia and North Korea, those
types of threat actors. But then you start to see the Pakistanis, you
see other nation-states. We have more players in the game than we ever
did before.
Nation-states that haven’t been active in this space now realize that they have to be, because all of the big
players are. That means that there is more activity, there are more
threats, there are more things we have to look for, unfortunately.
WSJ: Amazon was recently credited with providing assistance to the Justice
Department in an operation that seized hacking tools belonging to
Anonymous Sudan. How are you finding cooperation with the government on
threat intelligence today?
Moses: It’s working out, it’s better and better, which is a great thing. There
were points in time where it didn’t work in the past. Now, we have a lot
more people like myself that have been in the government, and are able
to speak the same language, or convey the right information so they can
be more effective in their jobs.
We worked very effectively together on that particular case. It was a
really good example of those of us that have been there knowing exactly
what things need to be tied up in a bow, to hand off to the right
people, so they could actually do something about it.