Alberto Bartoli - Blog

More than a year ago (January 2024), I gave a presentation at a meeting entitled "Crime and new technological frontiers", held at the University of Trieste and aimed mainly at local police forces. A major focus of the meeting was, needless to say, the cybersecurity implications of so-called artificial intelligence. My opinion was quite strong and somewhat unpopular (as is often the case): We should not be particularly worried. There is no significant evidence of AI usage for phishing/spearphishing.  I think this fact will hold for a long time. The main AI-related risk in cybersec is "getting distracted by its promises": for MANY serious problems we have practical and effective solutions...but we don't apply them! Every year, cybersecurity companies publish a report summarising the main trends they have observed. A few days ago, I read two commentaries on the 2024 data that confirmed my opinion. This is Kevin Beaumont : My main observations: Firstly, no mention o...

Every day there is a lot of interesting news related to cybersecurity. Many of these news items are closely related to topics discussed in my Cybersecurity course . Sometimes these news are very closely related to the lectures of a few days ago. Yesterday was a very interesting day in this respect. On Tuesday we discussed how to attribute a specific attack campaign to a specific threat group, what IoCs (Indicators of Compromise) are, their role in attribution, and how they can be used by a defender. Yesterday I found a report that discusses all these issues in a nice and easy to read way, with reference to a specific attack campaign attributed to a Chinese threat group. The report includes a technical description of the software tools used, including "living off the land" tools (another term we discussed), a description of the download and execution steps of the infection chain and, of course, a mapping to the MITRE ATT&CK Enterprise Matrix (the report mentions LSASS dum...