Session

Artificial Intelligence and Cybersecurity: A New Era of Defense

Since generative AI became available to the public, there has been a sharp rise in successful phishing campaigns and ransomware attacks. Cybercrime is becoming even faster, more automated, and more professional. In one recent case, encryption occurred within just 8 seconds of initial access. However, machine learning and deep learning are also empowering defenders. These technologies are enabling early detection and mitigation, significantly enhancing cybersecurity solutions. In this talk, I will share striking insights from real-world cyberattacks, discuss the recent work of our CSIRT, and explore the evolving landscape of threat actors. Finally, I will delve into current challenges, trends, and the growing role of AI in cyber defence.


AI Summary

Disclaimer: This session information was generated with the help of AI. The information has been reviewed and refined by the Swiss Cyber Storm team and the speaker before publishing.
Sandro Bachmann discusses the dual role of AI in cybersecurity, highlighting its use in both offensive and defensive strategies. He shares insights from his experience at InfoGuard, focusing on incident response, the effectiveness of AI-driven tools like EDRs in detecting and blocking attacks, and the evolving landscape of cyber threats including ransomware and phishing. Bachmann emphasizes the need for rapid response and recovery strategies in the face of increasingly sophisticated attack

Key facts

  • In 2024, phishing and business email compromise accounted for 64% of cyber attack entry points, a significant increase from previous years.
  • Ransomware attacks are becoming faster, with instances of servers being encrypted in as little as 8 seconds from initial breach.
  • Despite the use of AI in cybersecurity, 15% of ransomware victims still end up paying the ransom.

Ideas

  • AI and machine learning significantly enhance cybersecurity defenses, enabling rapid detection and blocking of attacks.
  • Despite advancements in AI-driven security tools, human intervention remains crucial for comprehensive incident response and threat mitigation.
  • The landscape of cyber threats is evolving, with attackers leveraging AI for more sophisticated and faster attacks, including deepfake technologies and the exploitation of vulnerabilities within seconds.

Keywords

  • AI in Cybersecurity
  • Incident Response
  • EDR
  • Ransomware
  • Phishing

Quotes

  • “AI allows threat actors to attack new objectives so they don't need to know what they are attacking because they can ask LLM, 'Hey, what is that and how can I enter that?'”
  • “EP EDRs with AI will slow down the attacker and give us more time to respond to it.”
  • “The threat actors will be faster in responding to new vulnerabilities, that means we have less time for patching.”

Recommendations

  • Organizations must adopt AI-driven security tools like EDRs to enhance their defensive capabilities against rapidly evolving cyber threats.
  • Rapid response and recovery strategies are essential to mitigate the impact of cyber attacks, emphasizing the need for effective incident response teams.
  • Businesses should focus more on prevention, including hardening systems and improving patch management processes, to reduce the risk of successful attacks.

About the speaker

Sandro Bachmann

Senior Incident Responder at InfoGuard
Sandro Bachmann is a Senior Incident Responder working in the CSIRT of InfoGuard. With more than 13 years of experience in IT and IT security, he is well-prepared for the daily firefighter challenges. He holds a Bachelor of Science (BSc) in Computer Science and also works as a guest lecturer at the Lucerne University of Applied Sciences and Arts (HSLU).