Emerging Cybersecurity Threats by Igor Opushnyev & Kostiantyn Nikolaiev
By Canadian Institute for Cybersecurity (CIC)
Key Concepts
- Nation-State Cyber Security Attacks
- Double Extortion Ransomware
- Fake Ransomware Attacks
- LLM-Generated Ransomware
- Human Farms (Distributed Human Farms)
- Residential Proxies
- Agentic Threats (AI Agents)
Nation-State Cyber Security Attacks
Nation-state cyber security attacks are not new, but they have evolved and taken on additional forms. Historically, their goals were primarily espionage (spying for secrets, defense information, technology know-how) and establishing a foundation for cyber attacks against critical infrastructure.
Key Differentiators:
- Budget: Significantly larger budgets compared to regular attacks.
- Targeting: Strategically targeted; the priority is achieving the ultimate goal rather than executing immediately.
Defense and Mitigation:
- Threat intelligence sharing between organizations and states.
- Zero Trust Architecture implementation.
- Regular patching and drill exercises.
- International cooperation.
Double Extortion Ransomware Attacks
This attack involves a two-step process:
- Encryption: Attackers encrypt sensitive or operationally critical data.
- Data Exfiltration & Extortion: If the ransom is not paid, attackers proceed to steal and potentially release sensitive data, aiming to damage the organization's reputation and further pressure them into paying.
Distinction from Single-Stage Attacks: The addition of data exfiltration and the threat of its release for additional financial gain or reputational damage.
Recent Trends (2025): Continued prevalence of this attack type, with emerging variations focused on political or industrial influence, aiming to damage reputations or brands.
Prevention and Mitigation: Similar to regular ransomware attacks, but with the consideration of larger budgets and longer attack timelines. Vigilance for multi-step preparation phases is crucial.
Fake Ransomware Attacks
This attack occurs when attackers lack actual ransomware to encrypt data but simulate its presence by providing fake evidence. This can involve using previously leaked passwords (now fixed) or publicly available data retrieved from other sources.
Recent Development: The integration of Artificial Intelligence (AI) to generate realistic-looking fake data, enhancing the believability of the attack.
Tactics: High-pressure tactics are employed, such as claiming system compromise, implanting ransomware, and imposing short deadlines for ransom payment with threats of doubling the amount.
Goals: Primarily financial gain through fear and deception.
Dangers: Low effort and high reward for attackers.
Identifying Fake Ransomware:
- Low Ransom Demand: The demanded amount is often significantly lower than in genuine attacks.
- High-Pressure Tactics: Aggressive and time-sensitive demands.
- Unconvincing Evidence: While appearing realistic, the evidence is often easily identifiable as not originating from a real attack.
Mitigation Support: The inclusion of psychologists in attack response teams can help identify manipulation tactics, providing significant support to technical and business teams.
LLM-Generated Ransomware
The increasing accessibility and sophistication of Large Language Models (LLMs) are being exploited by criminals. While many LLMs have built-in safeguards against generating malicious content, criminals are circumventing these by:
- Retraining existing models.
- Creating entirely new, uncensored models.
Example: The transcript mentions "white rabbit neo lm," a malicious LLM created by fraudsters, capable of generating Python code for ransomware based on prompts like "write ransomware in python." While not guaranteed to be immediately functional, the generated code is sufficient for creating executable ransomware.
Availability: Unrestricted LLMs are being offered as a service by fraudsters, often with subscription models for criminal activities.
Cyber Attacks from Distributed Human Farms
Human Farms: Organized groups of low-wage workers performing illegal activities. Initially focused on solving CAPTCHAs, they have evolved to bypass bot detection due to their human workforce.
Characteristics:
- Cost-effective: Low operating costs.
- 24/7 Operation: Continuous availability.
- Difficult Automation Detection: Human involvement makes automated detection challenging.
Distributed Human Farms: An enterprise-level evolution, providing online platforms where individuals can register, log in, and perform assigned tasks for payment. These tasks can include CAPTCHA solving, account harvesting, credential stuffing, and more.
Applications:
- Account creation.
- CAPTCHA solving.
- Phishing campaigns.
- Credential stuffing.
State Sponsorship: Human farms can be utilized by state-sponsored actors due to their ease of use and difficulty in tracing back to government involvement.
Mitigation Strategies:
- Behavioral biometrics.
- Device fingerprinting.
- Rate limiting.
- Anomaly detection.
- Threat intelligence.
- Monitoring.
Residential Proxies
Mechanism: Companies create and popularize legitimate-looking software (games, utilities). Their client agreements include clauses allowing them to route traffic through users' devices. Users who download this software unknowingly become part of a residential proxy network.
Functionality: Users of these proxy services can then route their traffic through these compromised devices, appearing as legitimate users from specific geographic locations. This allows them to impersonate users from different countries.
Dangers:
- Enhanced Anonymity: Targeted services receive requests from real IP addresses, making them appear legitimate and harder to detect as malicious.
- State-Sponsored Attacks: Can be leveraged by state-sponsored actors.
- Impact on Public Safety and Business Continuity: For example, a surge of fake bomb threat reports to police departments via residential proxies could overwhelm resources and cause significant disruption.
Detection: While difficult to detect, research teams, such as one at the University of New Brunswick led by Dr. Sajat Da, are making progress in proxy detection.
Examples of Providers: The transcript mentions several well-known residential proxy providers.
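How the mitigations listed for human farms (rate limiting, device fingerprinting, anomaly detection) behave against traffic spread over residential proxy IPs, as an added example that is not from the talk. The event fields, thresholds, fingerprint labels and sample log are constructed assumptions.

```python
from collections import defaultdict

WINDOW_S = 300  # fixed 5-minute buckets (assumed value)

def make_events():
    """Constructed sample log: (ts, ip, device_fp, username, success)."""
    events = []
    # Credential stuffing: every attempt arrives from a different residential IP,
    # but the client presents the same device fingerprint.
    for i in range(40):
        events.append((i * 5, f"198.51.100.{i + 1}", "fp-attacker", f"user{i}", i % 20 == 0))
    # Home users: own IP, own device, one account, one typo before success.
    for i in range(10):
        events.append((i * 20, f"203.0.113.{i + 1}", f"fp-home-{i}", f"alice{i}", False))
        events.append((i * 20 + 8, f"203.0.113.{i + 1}", f"fp-home-{i}", f"alice{i}", True))
    # Office NAT: many employees share one IP, each on their own device.
    for i in range(12):
        events.append((i * 10, "192.0.2.10", f"fp-office-{i}", f"staff{i}", True))
    return sorted(events)

def per_ip_rate_limit(events, limit=10):
    """Return IPs with more than `limit` login attempts in any window."""
    counts = defaultdict(int)
    for ts, ip, _fp, _user, _ok in events:
        counts[(ip, ts // WINDOW_S)] += 1
    return {ip for (ip, _w), n in counts.items() if n > limit}

def fingerprint_anomalies(events, min_users=5, min_fail_ratio=0.8):
    """Return fingerprints that tried many accounts and mostly failed in a window."""
    users, fails, total = defaultdict(set), defaultdict(int), defaultdict(int)
    for ts, _ip, fp, user, ok in events:
        key = (fp, ts // WINDOW_S)
        users[key].add(user)
        total[key] += 1
        fails[key] += not ok  # bool counts as 0/1
    return {fp for (fp, w) in total
            if len(users[(fp, w)]) >= min_users
            and fails[(fp, w)] / total[(fp, w)] >= min_fail_ratio}

if __name__ == "__main__":
    ev = make_events()
    print("per-IP limiter flags:", per_ip_rate_limit(ev))
    print("fingerprint rule flags:", fingerprint_anomalies(ev))
```

On this sample the per-IP limiter flags only the office NAT and misses the proxied run, while the fingerprint rule isolates it. A fingerprint is one signal among those listed; where every worker uses a distinct real device, the same aggregation has to be keyed on something else, such as behaviour.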
Agentic Threats (AI Agents)
Definition: AI agents are advanced bots powered by LLMs and "Large Action Models" (LAMs) capable of acting based on their training data. They represent a significant leap beyond traditional bots.
Key Characteristics:
- Enormous ROI for Fraudsters: Just as AI agents improve efficiency for legitimate businesses, they offer immense returns for criminals.
- No-Code Creation: Fraudulent agents can be created with minimal technical expertise using readily available frameworks and tools.
- Criminal Guidance: LLMs can guide users through the entire process of creating and deploying fraudulent agents.
- Rapid Time-to-Value: The time from identifying a vulnerability to launching an attack is drastically reduced, potentially to under four minutes for zero-day vulnerabilities.
- Superiority to Humans: AI agents can be more effective than humans in creating and preparing attacks.
Foreseen Applications by Fraudsters:
- Autonomous Attack Systems:
  - Multi-Agent Systems: Different parts of an attack can be implemented by separate agents and then coordinated into a sophisticated system.
  - Sophistication: Can utilize real hardware, multiple communication channels (phone lines, websites), and coordinate actions.
  - Example: "Open air operator" used for password testing across sites, generating CSV files for credential stuffing.
- Autonomous Fraud Agents:
  - Goal-Oriented: Agents are given a goal and will autonomously execute attacks, learning and improving over time.
  - Flexibility: Can attack specific targets and adapt to similar groups of targets.
  - Dormant Account Creation: AI agents can create dormant accounts that appear legitimate by mimicking real user behavior and contributing to social networks, making them harder to detect than traditional methods.
- Fraudulent Autonomous Transactions:
  - Automation of Payment Processes: Automating processes typically associated with payments.
  - Integration with Proxies: Combining with tools like residential proxies makes these attacks extremely difficult to combat.
Double-Edged Sword: AI agents have legitimate applications but also present significant threats. For every beneficial use case, there is a corresponding fraudulent application (e.g., AI for customer support vs. AI for social engineering attacks).
Ease of Creation: Creating an AI agent can take as little as 30 minutes using open-source frameworks, even for individuals with no prior experience. These agents can integrate with various systems, including payment solutions, email, and other LLMs.
Compromise Risk: The complex chain of integrations in AI agents creates vulnerabilities that can be exploited.
Conclusion: The rapid development and accessibility of AI agents necessitate immediate consideration of these emerging threats.