Cyber Apocalypse Now: Black Hat 2025’s Most Terrifying Hacks and Security Breaches
This week, PCMag's security team traveled to Las Vegas for the Black Hat cybersecurity conference to engage in some intense cybersecurity conversations about adversarial AI, malware, and all the ways to stop bad guys from ruining your business or scamming you out of house and home.
Did You Click on an Ad Owned by Russian Mobsters?
A particularly interesting briefing came from the team at Infoblox. Researchers at the threat intelligence firm presented evidence that an organized crime group known as VexTrio is operating a traffic distribution system (TDS) that intercepts consumers' browsing traffic and serves up fake alerts, downloads for fake dating apps, and prompts to download malware disguised as antivirus software.
Dr. Renee Burton is part of the Infoblox research team, and she recommends avoiding these scams by simply not allowing notifications for websites while browsing. She also suggests researching apps before downloading and ignoring device infection pop-ups or alerts that you may see while browsing.
Learning How to Take AI Down a Peg or Two
In dystopian fiction, humanity gives more and more control to AI and then suffers the consequences. As an Israeli research team reported, that’s not fiction anymore.
In a presentation frequently interrupted by applause, they demonstrated simple techniques for subverting Google’s Gemini through calendar invitations and even through email. The researchers forced Gemini to delete messages, spew invective at the user, steal email messages, and even use Google Home to open windows.
Google has added defenses against these targeted “promptware” attacks, but the team warns that it expects promptware attacks to increase in complexity and severity.
An Increasingly Sophisticated Threat Landscape: AI Adoption
In a separate presentation on Thursday, researchers from the University of Central Florida and the Cognitive Security Institute announced their predictions for the next two years of global AI adoption.
Those predictions included increasingly sophisticated catfishing scams, more effective phishing attempts, and, concerningly, a so-called digital twin of everyone, created using their online content.
To back up these predictions, the researchers showed a version of a "digital twin" of Chief Justice John Roberts created by their students. The large language model appeared to have been trained on Roberts' public Supreme Court opinions and rulings, making it a not-so-fun and not-so-convincing fake.
The team suggested designating a "safe word" with your family members and friends, so if, or when, your digital twin comes along, your loved ones won’t become its victims.
Examining the Malware Landscape
Speaking of malware, one of cybersecurity's pioneers provided a malware history lesson as part of the opening keynote for the event.
Mikko Hyppönen, a longtime cybersecurity researcher who worked with F-Secure and WithSecure, opened his speech by recounting his days of keeping viruses and worms, which were made by random kids as pranks, on floppy disks.
He told us that money is the root of all evil, permeating the cybercrime landscape. Once criminals, adversarial governments, and everyone else learned that they could use malware to steal money, the stakes got a lot higher for cybersecurity professionals.
A New Breed of Hacking Attacks
Any hacking group that wants to penetrate your network typically starts small, sneaking in an app that can then expand its control. Then they need remote communication with that app, and those commands can reveal the attack to network security.
Adam Crosser of Praetorian found a way to effectively make Zoom or Teams do the work of evading security, and to disguise those remote control messages as web conferencing traffic.
Like any ethical hacker, he notified Zoom and Microsoft. Zoom has locked down its tech to prevent this attack, but Microsoft hasn’t.
Security Cameras: An Open Door for Hackers?
In a different demonstration, researcher David Moshe and his team discovered that security cameras can leave networks wide open to hackers.
Moshe and Claroty’s Team82 found a service on the web called axis.remoting and parlayed that discovery into an attack that gave them full control of any security cameras and camera control servers from Axis Communications.
Axis fixed the problem quickly, but teams like Moshe’s (and their equivalents on the Dark Side) continue to seek and find security holes.
Is Cybersecurity Your Next Big Career Move?
Finally, a panel of successful women, each of whom worked in the industry for at least a decade, offered some solid suggestions for navigating the industry as visible minorities.
The group answered questions from the crowd about dealing with uncomfortable office politics and staving off the dreaded imposter syndrome.
The panelists told us that some of the keys to entering the industry and staying employed are: keep your skills sharp, stay curious, seek out a community of like-minded and empathetic mentors or fellow professionals, be yourself, and stay flexible when it comes to taking jobs that are off the beaten path.