The Ever-Evolving Cybersecurity Landscape: A Week in Review. 05/05/2024

Hello readers! Here’s your weekly roundup of the top five tech and cybersecurity stories that made headlines this week, ending May 5, 2024.

AI’s Killer Function: Helpful Agents

Sam Altman, a prominent figure in the AI industry, described the killer app for AI as a 'super-competent colleague that knows absolutely everything about my whole life, every email, every conversation I’ve ever had, but doesn’t feel like an extension.' This highlights the potential of AI to revolutionise our daily lives and work.

Altman believes that AI tools will become even more enmeshed in our daily lives than the smartphone. He sees a future where AI will be capable of helping us outside the chat interface and taking real-world tasks off our plates.

When asked about the hardware requirements for this future, Altman stated that he doesn't think it will require a new piece of hardware. He suggested that the type of app envisioned could exist in the cloud. However, he also mentioned that even if this AI paradigm shift doesn’t require consumers to buy new hardware, they might be happy to have a new device.

This vision represents a leap from OpenAI’s current offerings. Its leading applications, like DALL-E, Sora, and ChatGPT, have impressed us with their ability to generate convincing text, surreal videos, and images. But they mostly remain tools we use for isolated tasks, and they cannot learn about us from our conversations with them.

Wave of Wafer-Scale Computers

TSMC’s North American Technology Symposium detailed its roadmaps on semiconductor technology and chip-packaging technology. The company predicts that by 2027, we will see full-wafer integration that delivers 40 times as much computing power.

At TSMC’s North American Technology Symposium, the company detailed its semiconductor and chip-packaging technology roadmaps. While the former is critical to keeping the traditional part of Moore’s Law going, the latter could accelerate a trend toward processors made from more and more silicon, leading quickly to systems the size of an entire silicon wafer.

Tesla’s next-generation Dojo training tile system is already in production, TSMC says. In 2027, the foundry plans to offer technology for more complex wafer-scale systems than Tesla’s that could deliver 40 times as much computing power as today’s systems.

The key to this technology is connecting those dies so that signals can go from one to the other as quickly and with as little energy as if they were a big piece of silicon. TSMC already makes a wafer-size AI accelerator for Cerebras. Still, that arrangement appears unique and is different from what TSMC now offers with what it calls System-on-Wafer.

In 2027, you will get a full-wafer integration that delivers 40 times as much computing power, more than 40 reticles’ worth of silicon, and room for more than 60 high-bandwidth memory chips, TSMC predicts.

This represents a significant leap in the semiconductor industry and could potentially revolutionize our understanding of computing power and efficiency.

AI Start-Ups Face Financial Reality Check

The AI revolution comes with a hefty price tag. Tech companies betting their futures on AI are grappling with the gap between the expenses and the profits they hope to make.

The AI revolution is proving to be a costly endeavor for tech start-ups, with several high-profile companies struggling to balance their enormous expenses with modest sales. Investors have poured $330 billion into about 26,000 AI and machine-learning startups over the past three years, according to PitchBook².

Since mid-March, the financial pressure on several signature artificial intelligence startups has taken a toll. Inflection AI has folded its original business, which raised $1.5 billion but made almost no money. Stability AI has laid off employees and parted ways with its chief executive.

This problem is particularly acute for high-profile startups that have raised tens of billions of dollars to develop generative AI, the technology behind chatbots like ChatGPT. Some are already figuring out that competing head-on with giants like Google, Microsoft, and Meta will take billions of dollars—even that may not be enough.

While plenty of money has been burned in other tech booms, the expense of building AI systems has shocked tech industry veterans. Unlike the iPhone, which kicked off the last technology transition and cost a few hundred million dollars to develop because it primarily relied on existing components, generative AI models cost billions to create and maintain. The cutting-edge chips they need are expensive and in short supply. And every query of an AI system costs far more than a simple Google search.

The challenges facing newer AI companies contrast with the early business results at OpenAI, backed by $13 billion from Microsoft. The attention it has generated with its ChatGPT system has allowed the company to build a business charging $20 a month for its premium chatbot and offered a way for businesses to develop their AI services with the technology that drives its chatbot².

Russian Web Hosting Data Leak

In one of the most significant cyberattacks of the year, over 54 million user profiles were exposed, compromising sensitive data such as email addresses and phone numbers.

A website builder owned by a top Russian hosting provider, uCoz, has leaked millions of records with private user data. The website builder is Uid.me, created by the Russian tech company uCoz. uCoz is among the top sites for Russian-speaking users according to web traffic analysis company Alexa Internet Inc.

Cybernews research showed that more than 54 million uID.me users’ profiles were exposed to the public, dating from 2012 to the present. The leak was caused by a misconfiguration on MongoDB, a document-oriented database platform, that left Uid.me data publicly accessible.

The exposed data included user contact details (email/phone), dates of birth (DOB), names, locations, user names and IDs, IP addresses, and timestamps¹. Furthermore, the database revealed password hashes, authentication hashes, secret answers, last visitor IPs, biographies, social media profiles, and photo links.

According to cybersecurity researcher Bob Diachenko, the data was up for grabs on the internet for approximately a week until the company secured the database. “With access to this comprehensive dataset, threat actors could conduct various malicious activities, including identity theft, phishing attacks, social engineering schemes, unauthorized access to accounts across multiple social media platforms, and potentially compromising individuals' online security and privacy,” says Diachenko.

The company has not responded to a Cybernews request for an official comment. This incident highlights the importance of proper data management and security measures, especially for companies handling large amounts of user data.

Microsoft Azure Data Breach

Accounts of hundreds of senior executives were compromised in a cyberattack that used phishing and cloud account takeovers.

Unknown attackers are targeting hundreds of Microsoft Azure accounts, some belonging to senior executives, in an ongoing campaign. The campaign attempts to compromise targeted Azure environments by sending account owners emails that integrate techniques for credential phishing and account takeovers.

The threat actors are combining individualized phishing lures with shared documents. Some of the documents embed links that, when clicked, redirect users to a phishing webpage³. The wide breadth of roles targeted indicates the threat actors’ strategy of compromising accounts with access to various resources and responsibilities across affected organisations.

Once accounts are compromised, the threat actors secure them by enrolling them in various forms of multifactor authentication. This can make it harder for victims to change passwords or access dashboards to examine recent logins. Sometimes, the MFA relies on one-time passwords sent by text messages or phone calls. In most instances, however, the attackers employ an authenticator app with notifications and code.

Proofpoint observed other post-compromise actions, including data exfiltration, internal and external phishing, financial fraud, and the creation of mailbox rules. Attackers access and download sensitive files, including financial assets, internal security protocols, and user credentials³. Mailbox access is leveraged to conduct lateral movement within impacted organizations and to target specific user accounts with personalized phishing threats.

This incident highlights the importance of proper data management and security measures, especially for companies handling large amounts of user data.

As we wrap up this week’s journey through the dynamic realm of cybersecurity, it’s evident that the field is in constant flux, with new challenges and innovations emerging at every turn. Staying informed and proactive is crucial in safeguarding our digital frontiers. Let us carry forward the insights gained and remain vigilant, adapting to the ever-changing cybersecurity landscape with resilience and foresight. Together, we can strive for a safer cyber world today and in the future.