Kaspersky, a global cybersecurity provider, hosted its Cybersecurity Weekend 2024 for Asia Pacific countries from 4-7 August 2024 in Sri Lanka to provide insights into the latest cybersecurity developments and potential threat vectors in the region, as well as best practices to address the latest security challenges. Ransomware remains a major threat, with the proliferation of AI in offensive roles by threat actors potentially adding to the complexity and sophistication of cyberattacks. The world’s top cybersecurity professionals, journalists, COOs, executives from major industries and many others were provided with insights and in-depth analysis of the most pressing cybersecurity threats and potential challenges related to the proliferation of AI by Kaspersky’s leading cybersecurity experts.
The selection of Sri Lanka as the venue for the 2024 Kaspersky Cybersecurity Weekend for Asia Pacific countries underlines the growing importance of the country and Kaspersky’s mission to offer comprehensive cybersecurity services to protect the digital infrastructure of public and private entities as well as individuals, small and medium-sized businesses (SMBs), medium and large enterprises and critical infrastructure companies.
At the conference, Adrian Hia, General Manager, APAC, Kaspersky, highlighted the need for cybersecurity vendors and the organizations that employ them to adjust their cybersecurity posture and be aware of the legal ramifications of the regions in which they operate. “For many organizations, the integration of AI is inevitable, given its invaluable ability to process large data sets, but stakeholders need to be aware of data compliance, especially when combined with the use of AI. Policies need to be implemented on how confidential data is handled and what aspects of that data can be accessed by AI, while remaining compliant with the laws and regulations an organization is subject to in the region in which it operates,” said Adrian.
“In an era where availability is paramount, businesses must also consider cyber resilience. Best practices for resilience require telemetry and information logging to quickly identify and respond to incidents, as well as a comprehensive incident response policy to ensure rapid recovery in the event of a cyber attack,” adds Adrian.
As Director of Kaspersky’s Global Research and Analysis Team (GReAT), Igor Kuznetsov has a broad view of the cybersecurity threat landscape. “The most common cybercrime perpetrated globally is ransomware, run by malicious actors as a business (RaaS), with the most common infection vectors being the exploitation of vulnerable public applications, followed by compromised and brute-forced credentials. An emerging threat that needs to be considered is the compromise of supply chains and trust relationships – half of these cases were seen after the attack was successful. In terms of targets, the most attacked sectors were government entities, financial institutions and manufacturing companies,” Igor said.
The summit also highlighted the growing role of AI in cybercrime, which can improve social engineering attacks by creating more natural emails and inputs for phishing attacks, generate passwords, help code malware, and even carry out password-based attacks. The advent of AI also means that cybercriminals can potentially target victims with adversarial attacks, making small changes to files so that AI systems can be manipulated to misclassify malware as safe. To further improve security and detection rates, Kaspersky mimics adversarial attacks on its own malware detection models.
“AI attacks are growing rapidly these days. Some of them still require highly skilled data scientists and considerable effort, but others are already implemented in publicly available tools. We can highlight two main parts. The first is offensive AI – where adversaries use advanced techniques to speed up their routine or find new threat vectors to implement it. Deep fakes, which have been widespread this year, are just one example. The second is AI vulnerability – some AI models could be forced by adversaries to do restricted or unexpected things. As an example, a number of rapid attacks on large language models have emerged in the last year.
“At Kaspersky, we have been studying all these issues for many years in order to create reliable protection for our customers,” said Alexey Antonov, Chief Data Scientist at Kaspersky. Kaspersky is also leveraging AI to detect malicious attacks and emerging threats, with 411,000 unique malware samples detected daily in 2024 alone and over 403,000 per day in 2023.
One of the most pressing issues highlighted at the summit was how supply chain attacks could potentially damage critical infrastructure such as hospitals, banks, airlines and more. This was highlighted when a faulty software update from CrowdStrike, a US-based cybersecurity company, caused a reboot death spiral, leading to the blue screen of death for over 8.5 million Windows machines worldwide and causing an unprecedented amount of financial damage. “Potential avenues for a supply chain attack on machine learning models would be to manipulate training data to introduce biases and vulnerabilities into the model or to modify AI models with altered versions so that they produce incorrect results. With AI here to stay, such attacks can have an unprecedented impact similar to the one we recently experienced due to faulty software or a backdoor issue in SSH that was fortunately avoided earlier this year,” says Vitaly Kamluk, GReAT cybersecurity expert at Kaspersky.
The attack on the Linux XZ utilities, which had become a required dependency of the Secure Shell (SSH) service and could potentially have turned into a backdoor into millions of Internet of Things (IoT) devices, servers, and network equipment that depend on it, was successfully detected and thwarted in time.
Ultimately, organizations must plan and ensure cyberattack mitigation strategies are in place, including cyber resilience plans, ensuring staff are trained against potential cyberattack avenues such as phishing attempts, implementing cybersecurity best practices, and ensuring up-to-date threat intelligence by partnering with trusted cybersecurity partners who can also provide defense-in-depth and preventative protection.