Social engineering as an attack vector for malicious actors gained its share of the spotlight in the past week, primarily due to the successful breach of casino systems in Las Vegas.
A ransomware attack attributed to the ALPHV/BlackCat hacking group affected websites, online reservations, ATMs and credit card machines at MGM Resorts properties across the U.S. Reports indicate that attackers gained entry to casino systems through the use of social engineering techniques on a company helpline.
At the mWISE Conference keynote session on Monday, Kevin Mandia, chief executive officer of Mandiant, a Google LLC company, emphasized the need to take social engineering seriously.
“He said that you need to assume that your employees are going to fall for these social engineering attacks,” said Rebecca Knight (pictured, center), industry analyst for theCUBE, SiliconANGLE Media’s livestreaming studio. “You need to do tabletop exercises where people are understanding, really grasping what a worst-case scenario looks like.”
Knight spoke with fellow analysts John Furrier (right) and Rob Strechay (left) at the mWISE Conference, during the keynote analysis in an exclusive broadcast on theCUBE. They discussed key messages from the first day of conference presentations. (* Disclosure below.)
AI could boost defense
Although the group alleged to be behind the attack on MGM does not appear to be from North Korea, speakers during the keynote session highlighted the success that the country’s threat actors have seen from social engineering attacks as well.
“They also pointed out from North Korea’s standpoint that they’re really good at social engineering, they take their time over a target month or so,” Furrier said. “Assume that everyone will be socially engineered at some point.”
Despite the latest high-profile hack to figure prominently in the news, there was optimism at the conference that rapid adoption of more advanced artificial intelligence tools will improve the security community’s ability to deal with complicated attacks. Mandia expressed a belief that AI will make a favorable impact in helping security analysts combat threats.
“Out of the security conferences I’ve been to, this was probably the most positive set of keynotes that I’ve seen,” Strechay said. “Everybody knows it’s a tough job and it’s very hard. AI is going to go and help that. He was showing that we’re going to make good analysts great analysts.”
Speakers during the mWISE keynotes noted that China had eclipsed Russia as the most potent cyber adversary, with a well-financed and sophisticated operation targeting governments and companies alike. This is galvanizing the private and public sectors to work more closely together.
“We’ve been seeing China stealing intellectual property from American citizens and companies [with] no help from the government, no public partnerships developing,” Furrier said. “That narrative has completely changed. There’s a call to arms. It’s a national security imperative; companies need protection.”
This call to arms is one of the factors contributing to optimism at this week’s conference that public/private collaboration will lead to stronger defenses against the perils of cybercrime.
“Yes, there is a lot of things to be worried about things that should keep us all up at night, but there really does seem to be a movement of trying to get more public/private partnerships,” Knight said. “The private sector is the goalie, the government is the offense — we need more risks and repercussions for these bad actors.”
Here’s the complete video discussion, part of SiliconANGLE’s and theCUBE’s coverage of the mWISE Conference:
(* Disclosure: This is an unsponsored editorial segment. However, theCUBE is a paid media partner for the mWISE Conference. Google LLC and other sponsors of theCUBE’s event coverage do not have editorial control over content on theCUBE or SiliconANGLE.)
Your vote of support is important to us and it helps us keep the content FREE.
One-click below supports our mission to provide free, deep and relevant content.
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.