
Today’s complex threat landscape demands that, in addition to having a team of cybersecurity experts, every business leader understands the current risks and how to manage them. Just as business is never static, neither is risk management.

The continual onslaught of information can be overwhelming. The knowledge and foresight needed to detect, prevent and mitigate cybersecurity risks are extensive and ever-evolving. Leaders need a comprehensive understanding of cybersecurity and insights that consider more than just data.

The Unit 42® Threat Vector podcast delivers comprehensive cybersecurity insights in a medium that busy leaders on the go can easily consume: a compelling biweekly podcast segment hosted on CyberWire Daily. It gives business leaders invaluable insights from Unit 42’s threat intelligence experts, incident responders and proactive security consultants through engaging discussions, expert interviews and insightful analyses.

Let’s look at some of the highlights of Threat Vector’s first three episodes. You can also subscribe on CyberWire Daily to hear future segments.

Episode 1: AI’s Impact on Cybersecurity with Michael “Siko” Sikorski

It’s on everyone’s mind: How will AI benefit threat actors?

In our inaugural episode, Michael “Siko” Sikorski, CTO and VP of Engineering and Threat Intelligence at Unit 42, answers that question and speaks to the profound influence of artificial intelligence in an interview with David Moulton, Director of Thought Leadership for Unit 42.

What’s Sikorski’s critical concern? The pervasive integration of AI, particularly ChatGPT and large language models (LLMs), into the cybersecurity landscape. Sikorski discusses where attackers benefit from AI and how it will supercharge social engineering attacks. The potential here is staggering: AI can craft eerily convincing messages in the writing style of specific individuals, making it a potent tool for phishing because the output is virtually indistinguishable from genuine communication.

As Sikorski aptly puts it, “Lowering the bar for social engineering attacks means attackers are less likely to be caught due to language inconsistencies.” The result? An upsurge in phishing attacks. This shift necessitates heightened vigilance and proactive measures on the part of organizations.

The increasingly widespread use of artificial intelligence raises another critical consideration: potential security exposures within enterprises. Companies must ensure that employees comply with both AI usage policies and general security policies so that private data or sensitive information is not inadvertently shared or leaked. Businesses must remind employees that prompts entered into chat AI tools are not private or confidential.

Ultimately, Sikorski offers this advice for businesses with AI concerns: Instead of looking at companies riding the AI wave, look at those who have been working with AI for a long time and have the background to demonstrate their success. Sikorski shares, “Palo Alto Networks stands out as a trailblazer in AI adoption, spanning early malware detection, malware family identification and more recent advancements in automating security operations centers (SOCs) to efficiently handle the deluge of alerts.”

Episode 2, Part 1: Defending Against Advanced Threats with Kristopher Russo

In the second episode of Threat Vector, Kristopher Russo, senior threat researcher at Unit 42, and David Moulton discuss the threat landscape and take a deeper dive into the intricate workings of Muddled Libra (related to Scattered Spider and Scatter Swine). This formidable threat group poses significant challenges to the telecommunications, technology and software automation industries.

Russo explains how Muddled Libra operates and what distinguishes it. The group uses legitimate persistence tools from trusted vendors to fly under the radar, and it targets firms with access to high-value cryptocurrency holders. The type of data Muddled Libra is after is also highly specific, and the group is very persistent in finding it.

Muddled Libra has a signature move: using the 0ktapus phishing kit to craft believable authentication pages and manipulate victims through social engineering. What are some actionable steps businesses can take to safeguard their environments? Tune in and stay updated.

Episode 2, Part 2: Defending Against Advanced Threats with Stephanie Regan

In the second part of our deep dive into Muddled Libra’s tactics, Threat Vector welcomes Stephanie Regan, a senior consultant with Unit 42 who has a law enforcement background. Regan and David Moulton discuss the challenges that Muddled Libra and other threat groups pose. These threat actors are often highly persistent and can rapidly pivot when they encounter roadblocks. Regan’s insights demonstrate the ability of Muddled Libra, and other threat actors, to perform deep reconnaissance and their determination to understand targeted environments thoroughly.

As the conversation shifts to how users can counter phishing and social engineering tactics, Regan emphasizes that training users to recognize common phishing indicators is essential. Stronger multifactor authentication (MFA) methods and secure VPNs are critical components of the defense. To bolster security, Regan recommends gating VPN access on hard-to-fake device properties, such as device certificates and registry keys, rather than on credentials alone.

Regan outlines the importance of speed, detailed incident response playbooks and out-of-band communications when recovering from an attack, since an intruder with access to the corporate environment may be reading the defenders’ email and chat. She provides insights into a threat actor’s targeted attack on a business and the business’s recovery. As threats evolve and threat groups share resources in the ransomware market, companies must stay ahead by adapting and enhancing their security measures.

Threat Vector provides insights that are both enlightening and cautionary. Still, these summaries only scratch the surface of the expert perspectives in the full podcast episodes. CISOs, C-level executives and anyone with a vested interest in safeguarding the digital world can benefit from subscribing to the Unit 42 Threat Vector podcast. Discover firsthand the invaluable knowledge, strategies and real-world stories that cybersecurity experts share.

Threat Vector is your compass in the world of cybersecurity. Listen to all current segments on the Unit 42 YouTube channel and Spotify, and subscribe to CyberWire Daily to hear more.