Hackers are using Artificial Intelligence (AI) to amplify their attacks, while there is an ongoing debate about whether unprivileged username spaces provide more security or make the system more vulnerable, are two of the conclusions of cybersecurity experts on the first day on Wednesday of the DevCon 2024 event in Bucharest.
According to Ignat Korchagin, engineering manager (Linux team) at Cloudflare, not granting permissions to some applications can turn a system into a more secure one.
"Unprivileged Linux user namespaces is a rather controversial topic in the security community, Linux Kernel community and in software engineering in general. On one side it allows building unprivileged and sandboxed services and applications, which would otherwise require elevated privileges to successfully run and provide features to their users. Not granting privileges to such applications follows the least privilege principle and makes our systems more secure. On the other side, this mechanism has been repeatedly used in various vulnerabilities and exploits as a starting attack vector, multiplying the damage and impact of these exploits. And since it became so popular within the offensive industry, many Linux distributions and security guidance started recommending disabling this feature altogether. There is an ongoing debate whether unprivileged user namespaces provide more security or make the system more vulnerable," Korchagin said.
David Lilja, senior threat analyst at Truesec, pointed out that hackers are now increasingly turning to AI technology to amplify their cyberattacks.
"'Hacking Human OS' dives deep into the psychological, cognitive, and behavioural factors that expose even the most secure systems to cyber threats. Human erroroften overlooked but highly exploitablecan be hacked through social engineering and cognitive manipulation. Developers who build the digital future are not immune to these vulnerabilities. As pressures mount to deliver quickly, their decisions can inadvertently introduce weaknesses. However, by rethinking how developers approach security, from the habits they form to the code they write, we can help them transform into formidable defenders against modern cyber threats, " said Cyber Solutions Hub founder Andrei Codrut on the event's website.
Cybersecurity professionals have lately warned about the impact of the use of Generative AI (GenAI) in cybercrimes.
Thus, a report called "AI in Cybersecurity: Friend or Foe?" recently published by Deep Instinct highlighted the fact that 97% of cybersecurity experts are worried that their organisations will be affected by the use of AI in cybercrime operations, while 75% admit that the evolution of AI has affected and changed their cybersecurity strategy in the last 12 months.
At the same time, Eset experts reckon that cybercrime could cost companies USD10.5 trillion in 2025, an amount that includes the profits made by hackers through various means.
Over 2,500 IT professionals and technology enthusiasts from Romania meet on November 6-7 for the sixth edition of DevCon 2024 in Bucharest.
The concept of this year's edition provides a broad vision of Artificial Intelligence and how it can be integrated and interconnected with other technologies.
Comentează