Justice never sleeps, and the same goes for cybersecurity teams facing more threats than ever before.
Because threat actors are working around the clock, cybersecurity teams have to do the same, which is why Sherrod DeGrippo (pictured), director of threat intelligence strategy at Microsoft Corp., describes the vocation as a “calling.”
Sherrod DeGrippo of Microsoft talks about what AI means for cybersecurity.
“Across public sector, whether it’s state, local, federal or governments in other countries globally, we want to partner with them to give them the intelligence that they need so that they can help us understand their views as well,” she said. “The public sector has incredible amounts of data, signals and information to share with us,” she said. “But there’s always going to be something that they don’t have, and that’s where we like to come together, fill those gaps where we can. But, in the end, the ultimate goal is always to shut threat actors down from doing damage and harm to really the global footprint, regardless of who you are, customer or not.”
DeGrippo spoke with theCUBE Research’s Savannah Peterson at the Black Hat USA event, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the increasing complexity of cybersecurity threats and the impact of artificial intelligence.
Cybersecurity teams combat global threats
Different countries can present unique security problems, with North Korea posing a strong threat to cryptocurrency exchanges and national security. Their methods are often complex, such as a threat actor called Moonstone Sleet, which developed a fake video game company to conduct espionage.
“With cryptocurrency, specifically, it really is in many ways almost designed from the ground up to facilitate some of these more illegal or … nation-state-focused capabilities because it, by nature, is untraceable yet tracked. So, we can see them stealing it, but we don’t know where it’s going, what they’re doing,” DeGrippo said.
AI and large language models are now giving attackers new tools with which to deceive victims, although DeGrippo emphasized that its main purpose is to accelerate workloads and function as another interface for data.
“We do see threat actors using LLMs primarily in the same way that you or I might use an LLM — research, helping to write something better, helping to craft written materials, craft phishing emails. We aren’t seeing them use it to create malware in any capacity beyond the ways that they were creating malware before,” she said. “An LLM really is an interface that you’re using to get to the data. We have to keep in mind that interfaces are tools and tools can be leveraged for good or evil.”
Here’s the complete video interview, part of SiliconANGLE’s and theCUBE Research’s coverage of the Black Hat USA event: