Artificial intelligence may be enhancing cyber threats, but the defensive approach to those AI-amplified attacks remains the same, a top FBI official said Tuesday.

“We have seen actors both criminal and nation-state, they’re absolutely using AI to their advantage,” said Jason Bilnoski, deputy assistant director at the FBI’s cyber division. “But the way attacks unfold have not changed. Cyberattacks still follow basic steps. It just becomes an incredible speed now.”

The best way to deal with those attacks is to implement all the traditional defenses, like those the FBI has been emphasizing as part of its Operation Winter SHIELD media campaign, he said.

“Don’t worry about the speed and capability” of AI attacks, Biloski said at a Billington Cybersecurity conference. “If you’re focused on the basics, it’ll help prevent the actual intrusion from occurring.”

It’s a message that the acting director of the Cybersecurity and Infrastructure Security Agency, Nick Andersen, also shared at the conference. Sophisticated attackers are out there, he said, but the agency’s recent binding operational directive for federal agencies to get rid of unsupported edge devices was a way of shoring up basic vulnerabilities.

“We continue to see any non-zero-days continuing to be exploited within this environment,” he said. “The very least that we can do is harden that edge and make it just a little bit more difficult to take advantage in that regard.” 

His advice to state and local officials was to take a “back to the basics” approach, such as adopting multi-factor authentication.

Bilnoski offered further warnings about the threat, too.

“Identity is the new perimeter. You’re hunting legitimate traffic on your network,” he said. “So we’re no longer seeing malware drop. We’re no longer seeing these very noisy TTPs [tactics, techniques and procedures]. It’s legitimate credentials moving laterally throughout the network, as if it’s a legitimate user on the network. You need to hunt the adversaries as if they’re already on your network, because that’s the type of activity you’re looking for.”

The post FBI says even in an AI-powered world, security basics still matter appeared first on CyberScoop.

The FBI’s cyber chief is prioritizing preparation for stepped-up Chinese threats, enhanced confrontation of adversaries in cyberspace and quicker intelligence sharing with industry as the bureau enters the second and final month of a unique cybersecurity awareness campaign.

Brett Leatherman, who took over as assistant director of the FBI’s cyber division last summer, listed those topics as his three top priorities in a recent interview with CyberScoop. At least two of them overlap considerably with the bureau’s current awareness campaign, Operation Winter SHIELD.

It’s the kind of thing that might normally be more expected to come out of the Cybersecurity and Infrastructure Security Agency, which once had its own shield-themed campaign, rather than the FBI.

‘We’ve never done a media campaign like this before,” he said. “But while it’s atypical for a law enforcement agency to do this kind of technical media campaign, we thought it was incredibly important because it translates that law enforcement perspective [into] meaningful ways that industry can move the needle towards increased resilience across critical infrastructure, industry, government agencies and beyond.”

As part of the campaign, the FBI is highlighting 10 recommendations, like protecting security logs and implementing phishing-resistant authentication, that stem from the FBI’s incident response mission.

“The 10 recommendations that we’re making right now are not a surprise to many people out there who work or have cyber over the last few years, but it’s important that we also highlight that these 10 controls are the ways that we continue to see actors getting into fortune 100 businesses and small to medium businesses in virtually 99% or greater of the investigations we run,” Leatherman said.

The campaign has involved localized events for industry, podcasts, international appearances, coordinated messages with cyber-focused companies and more. They sometimes emphasize different threats based on where they’re held, or specific cases that demonstrate how not following the 10 recommendations has led to a past real-life breach. 

In the Honolulu field office, for instance, the FBI held a cyber executive summit with critical infrastructure owners and operators and other key partners. There, the emphasis was on how Hawaii is a potential target of Chinese hackers, especially with the possibility of a People’s Republic of China invasion of Taiwan in 2027.

Securing 2027 is the first priority for Leatherman as assistant director of the cyber division. The idea is to “defend the homeland against an increased PRC targeting of the homeland,” should a China-Taiwan conflict have U.S. spillover.

Leatherman’s second priority is better contesting U.S. adversaries in cyberspace, with joint, sequenced operations — “technical operations through our lawful authorities to remove capacity and capability from the adversary.” That includes looking for ways to enhance those operations with AI.

And his third priority circles back to information sharing with industry. Leatherman said the FBI has some unique cyber threat intelligence capabilities and wants to share it more quickly, so it can have an immediate impact.

Leatherman said Winter Shield is meant to serve as a complement to CISA’s work and vice-versa. The international component of the campaign still has an eye on the homeland, he said. “We’re helping partners understand the Internet is so interconnected now, companies are international, and if you just do this work here in the homeland, you’re at risk of actors targeting your international operations and pivoting into U.S.-based work,” he said.

The second Trump administration’s approach to the FBI has raised concerns from Congress, former agents and elsewhere about whether the bureau’s cyber focus is being curtailed. The bureau has lost veteran leadership, and FBI data that a top Senate Democrat released points to personnel being shifted to immigration-related tasks, including those drawn from cyber work. The administration has also proposed budget cuts for the bureau.

And the FBI’s parent agency, the Justice Department, has shut down a team that combats cryptocurrency crimes amid industry backlash toward U.S. government actions in cases like  Tornado Cash, which the Biden administration accused of abetting money laundering from ransomware outfits.

Leatherman said FBI Director Kash Patel and other bureau leaders have been strong backers of the FBI’s cyber mission.

“We have not moved resources from [the] cyber division,” he said. “We still have our virtual asset unit, we still have our Virtual Currency Response Team, all those teams responsible for tracking the stolen crypto from” North Korea.

“We’re doing regular tracing. We’re trying to seize that when we can,” he said. “We’ve increased our ability to target nation-state actors given the support of FBI leadership, so we have not moved resources off the threat and we continue to prioritize both threat actor pursuit and victim engagement.”

The post The FBI’s cyber chief is using Winter SHIELD to accelerate China prep, threat intelligence sharing appeared first on CyberScoop.