
Adversaries like the group being tracked as Storm-2139 are already finding ways to bend and break guardrails around generative artificial intelligence (GenAI) services, and Microsoft is pushing back with a name-and-shame campaign intended to break up their little cybercrime party.

Microsoft’s digital crimes unit named four men — Iranian Arian Yadegarnia, Alan Krysiak from the UK, Hong Kong’s Ricky Yuen, and Phát Phùng Tấn from Vietnam — who were selling unauthorized access to Azure AI services along with step-by-step instructions for generating titillating images of celebrities and others.

“This activity is prohibited under the terms of use for our generative AI services and required deliberate efforts to bypass our safeguards,” said Steven Masada, assistant general counsel of Microsoft’s digital crimes unit, in a statement. “We are not naming specific celebrities to keep their identities private and have excluded synthetic imagery and prompts from our filings to prevent the further circulation of harmful content.”

Microsoft filed a lawsuit against the group members last month and was able to seize a website behind the operation, he explains. Subsequently, Microsoft attorneys were “doxed,” having personal information posted publicly in retaliation.

Microsoft is responding with an amended complaint along with the public naming of those they believe are behind the cyberattack, known as LLMjacking.

 

Stay updated with SOC News for cutting-edge security innovations and expert industry insights!

Source: https://www.darkreading.com/application-security/microsoft-openai-hackers-selling-illicit-access-azure-llm-services

 

Cloud adoption, tool integrations, and AI are spurring significant changes in how security information and event management (SIEM) systems are evolving.
Security information and event management (SIEM) platforms have evolved far beyond their basic log collection and correlation roots.

With cyber threats moving too fast for manual intervention, leading vendors have been integrating artificial intelligence and machine learning technologies into their SIEM platforms.

In addition, modern SIEM platforms now incorporate extended detection and response (XDR) and security orchestration, automation, and response (SOAR), enabling real-time threat detection and automated remediation.

SIEMs have become a platform to monitor log data for anomalies and suspicious events before triggering alerts based on unusual behavior and detection rules.

“[SIEM] often serves as the workspace for security analysts to investigate incidents that are correlations of alerts with other contexts such as asset information, vulnerabilities, and threat intelligence,” according to analyst group IDC. “IDC expects that in the future, the SIEM will also be the response center of the SOC with automated handling of many incidents via playbooks.”

And as enterprise cloud use continues to rise, Google’s Cloud Cybersecurity Forecast predicts that SIEM products will become central to enterprise SOCs (security operations centers) ingesting “everything from cloud logs to endpoint telemetry.”

Joe Turner, global director of research and business development at market intelligence firm Context, notes that larger attack surfaces and more sophisticated attacks are spurring enterprises to invest in SIEM in combination with other technologies, including XDR and SOAR, as a platform to correlate, detect, and remediate threats. As such, his firm reports that the SIEM market grew 20% in 2024.

SIEM, XDR, and SOAR convergence

The convergence of SIEM with security tools such as XDR and SOAR is a major factor driving growth in the market.

SIEM provides log analytics and broad visibility, XDR extends detection across endpoints and cloud, and SOAR orchestrates response.

When SIEM detects a security incident, SOAR triggers automated response actions via XDR — isolating compromised endpoints, disabling compromised user accounts, or blocking malicious traffic in real time.
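The detect-then-respond flow described above can be sketched as a small SOAR-style playbook dispatcher. This is an added example, not code from the article or any vendor: the alert fields, host names, asset inventory and confidence threshold are all hypothetical, and it goes slightly beyond the text by gating unattended action on confidence and asset criticality.

```python
from dataclasses import dataclass

# Constructed asset inventory standing in for SIEM asset context (hypothetical hosts).
ASSETS = {"wks-0142": "low", "db-prod-01": "high"}

# SIEM detection type -> (XDR response action, alert field naming the target).
PLAYBOOKS = {
    "malware_beacon": ("isolate_endpoint", "host"),
    "credential_compromise": ("disable_account", "user"),
    "malicious_traffic": ("block_traffic", "remote_ip"),
}
MIN_CONFIDENCE = 0.8  # assumed threshold for unattended response


@dataclass
class Decision:
    action: str
    target: str
    automated: bool
    reason: str


def run_playbook(alert: dict) -> Decision:
    """Pick the response for one SIEM alert and decide if it may run unattended."""
    entry = PLAYBOOKS.get(alert.get("type"))
    if entry is None:
        return Decision("triage", "unknown", False, "no playbook for alert type")
    action, field = entry
    target = alert.get(field)
    if not target:
        return Decision("triage", "unknown", False, f"alert lacks '{field}'")
    if alert.get("confidence", 0.0) < MIN_CONFIDENCE:
        return Decision(action, target, False, "low confidence, needs analyst")
    # Isolating an unknown or business-critical host is left to a human.
    if action == "isolate_endpoint" and ASSETS.get(target, "high") == "high":
        return Decision(action, target, False, "critical or unknown asset")
    return Decision(action, target, True, "playbook conditions met")


# Constructed alerts, as a SIEM correlation rule might emit them.
SAMPLE_ALERTS = [
    {"type": "malware_beacon", "host": "wks-0142", "confidence": 0.95},
    {"type": "malware_beacon", "host": "db-prod-01", "confidence": 0.95},
    {"type": "credential_compromise", "user": "j.doe", "confidence": 0.6},
    {"type": "malicious_traffic", "remote_ip": "203.0.113.7", "confidence": 0.9},
    {"type": "dns_tunnel", "host": "wks-0142", "confidence": 0.9},
]

if __name__ == "__main__":
    for a in SAMPLE_ALERTS:
        print(run_playbook(a))
```

Decisions with `automated=False` are the ones a real deployment would route to an analyst queue rather than send to the XDR action.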


Source: https://www.csoonline.com/article/3829750/4-key-trends-reshaping-the-siem-market.html

Cybercriminals are increasingly exploiting gen AI technologies to enhance the sophistication and efficiency of their attacks.

Artificial intelligence is revolutionizing the technology industry and this is equally true for the cybercrime ecosystem, as cybercriminals are increasingly leveraging generative AI to improve their tactics, techniques, and procedures and deliver faster, stronger, and sneakier attacks.

But as with legitimate use of emerging AI tools, abuse of generative AI for nefarious ends isn’t so much about the novel and unseen as it is about productivity and efficiency, lowering the barrier to entry, and offloading automatable tasks in favor of higher-order thinking on the part of the humans involved.

“AI doesn’t necessarily result in new types of cybercrimes, and instead enables the means to accelerate or scale existing crimes we are familiar with, as well as introduce new threat vectors,” Dr. Peter Garraghan, CEO/CTO of AI security testing vendor Mindgard and a professor at the UK’s Lancaster University, tells CSO.

Garraghan continues: “If a legitimate user can find utility in using AI to automate their tasks, capture complex patterns, lower the barrier of technical entry, reduce costs, and generate new content, why wouldn’t a criminal do the same?”


Source: https://www.csoonline.com/article/3819176/top-5-ways-attackers-use-generative-ai-to-exploit-your-systems.html