Top | ||
Newsletter 02/19/2024 | If you find this article of value, please help keep the blog going by making a contribution at GoFundMe or Paypal |
Back to Contents |
Microsoft Slays The AI Demons
On February 14, 2024, Microsoft, partnering with OpenAI, published, "Staying ahead of threat actors in the age of AI." The report described how Microsoft and OpenAI disrupted several nation-state groups of threat actors whose purpose and intention had been to leverage Artificial Intelligence technology toward their own nefarious ends. In its blog posting titled, "Disrupting malicious uses of AI by state-affiliated threat actors," also dated February 14, 2024, OpenAI says that the two AI giants had "disrupted five state-affiliated malicious actors." In publishing these findings, Microsoft claims the objective of these efforts both by Microsoft and OpenAI is "to ensure the safe and responsible use of AI technologies like ChatGPT," while, at the same time, "upholding the highest standards of ethical application to protect the community from potential misuse."
Microsoft lists five different threat actors who have exploited AI technology for their own uses. In each case, Microsoft says it has disabled "all accounts and assets" associated with each threat actor that it lists. Below you will see research shows several of these nation-state actors are well known cybersecurity threats who have been active for years. The following will give readers an overview of Microsoft's efforts at thwarting these threat actors.
1.
2. Active since at least 2012, the prolific threat actor has been linked to targeted attacks on non-governmental organizations (NGOs), think tanks, diplomatic agencies, military organizations, economic groups, and research entities across North America, Asia, and Europe. Emerald Sheet used spear-phishing emails to direct its victims to malware laden Microsoft Word documents hosted on OneDrive, as the Hacker News article cited above reported. Microsoft observed how this threat actor misused AI technology "to better understand publicly reported vulnerabilities, such as the CVE-2022-30190 Microsoft Support Diagnostic Tool (MSDT) vulnerability (known as “Follina”). In a Dispatch dated, May 20, 2023, a deeper dive into the Follina vulnerability was made.
3. DarkReading, October 26, 2023, in a report titled, "Iran APT Targets the Mediterranean With Watering-Hole Attacks," notes that this group has been known to have been "compromising legitimate websites and using them to insert malicious JavaScript."
4.
5. In its opening, Microsoft states the obvious fact that "The progress of technology creates a demand for strong cybersecurity and safety measures." It offers as an example, President Biden's, "Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence," released, October 30, 2023, to show how Uncle Same can be a partner, along with technology companies, in adopting policies that strength this nation's efforts at cyber resiliency. An Executive Order, however, cannot have the strength of law that actual bills passed by Congress, and then signed into law by the President, can have. When performing a search of bills pending from this session of Congress that concern cybersecurity, only one bill has passed the Senate and then sent to the House Of Representatives. Sen. Gary Peter's S.3600 - Strengthening American Cybersecurity Act of 2022, was sent to the House for vote in the lower chamber, March 2, 2022. The bill is currently listed as "Held at The Desk" by the House. Held at the desk for almost two years now. And we pay these clowns to do what?
| ||
¯\_(ツ)_/¯¯ Gerald Reiff |
Back to Top | ← previous post | next post → |
If you find this article of value, please help keep the blog going by making a contribution at GoFundMe or Paypal |