On 30 January 2025, Teiss Talk host Thom Langford was joined by Todd Wade, Chief Information Security Officer; Matt Hardy, Senior Information Security Executive; and Craig Sanderson, Principal Cybersecurity Strategist, Infoblox.
A recently debuted AI chatbot dubbed GhostGPT has given aspiring and active cybercriminals a handy new tool for developing malware, carrying out business email compromise scams, and executing other illegal activities. GhostGPT is an uncensored AI model, meaning it is tuned to bypass the usual security measures and ethical constraints built into mainstream AI systems such as ChatGPT, Claude, Google Gemini, and Microsoft Copilot. With this software, everybody can be a script kiddie. ChatGPT can also undermine signatures designed to block malware by helping customise tools.
As AI gets commoditised, it’s not necessarily the sophistication of the attacks that will increase but their scale. GenAI can now translate to a high standard into the languages of countries that up until now haven’t been targeted by criminals. To keep up with these trends, businesses must automate their defences. Criminals can now generate half a million domain names, and to identify them, AI must be used to find patterns among DGAs (domain generation algorithms) and trace them back to bad actors. By automating their activity, though, criminals leave a digital trail behind that can provide clues for cyber security experts.
Criminals also use traffic distribution systems, originally a tool used by marketeers. Rather than chasing individual malware, it’s more effective to target the criminals’ infrastructure. As this infrastructure is hosted in the cloud, cloud providers could do more to track criminals down. However, criminals are very agile and jump to another provider when they are about to be caught out. On average, about 67 days pass between a domain name being registered and its first use for malicious activity.
So, blocking the domain in this period can be an effective pre-emptive step. While medium-sized companies could previously do cyber security in house, they must now outsource the function too, as they can’t manage its complexities by themselves. As attacks, whether targeted or scattergun, are bound to happen, security professionals must concentrate on incident response, business continuity and disaster recovery.
However, it must be maintained that getting the basics right can protect SMEs from a high number of cyber threats. In another country, 4,000 lookalike domain names were found that had been set up to impersonate the country’s government. A third-party provider can monitor the dark web for your company and see if there are any lookalike domains there. In addition to business risk, there is reputational damage too when your customers suffer a cyber-attack or data breach thanks to your vulnerabilities.
When you identify a fake site that imitates yours, it may take some time to take it down, as these sites often aren’t hosted in easy-to-reach places. Businesses may, again, get a third party to do it for them as fast as possible, in a couple of hours rather than weeks.
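A sketch of the monitoring described above, added here as an illustration and not taken from the talk or from any vendor's tooling: it scans a feed of newly registered domains for lookalikes of a protected name and recommends a pre-emptive block while the domain is still inside the 67-day window. The brand `examplebank`, the feed entries, the homoglyph table and the use of 67 days as a threshold are all constructed assumptions, and the feed is assumed to contain registrable domains only.

```python
from datetime import date

OWN = {"examplebank.com"}      # assumption: domains we legitimately hold
PROTECTED = ["examplebank"]    # assumption: constructed brand label to protect
# Character swaps commonly used in look-alikes, folded back before comparing.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
WATCH_DAYS = 67  # average registration-to-first-use gap quoted in the text

def edit_distance(a, b):
    """Levenshtein distance computed with one rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def lookalike_of(domain):
    """Return the protected brand a registrable domain imitates, else None."""
    domain = domain.lower()
    if domain in OWN:
        return None
    folded = domain.split(".")[0].translate(HOMOGLYPHS).replace("-", "")
    for brand in PROTECTED:
        if brand in folded or edit_distance(folded, brand) <= 1:
            return brand

def triage(feed, today):
    """Return (domain, brand, action) for each look-alike in the feed."""
    hits = []
    for domain, registered in feed:
        brand = lookalike_of(domain)
        if brand:
            young = (today - registered).days <= WATCH_DAYS
            hits.append((domain, brand, "block" if young else "takedown"))
    return hits

# Constructed sample feed of (domain, registration date); not real data.
FEED = [
    ("examp1ebank.com", date(2025, 1, 20)),
    ("examplebank-login.net", date(2024, 9, 1)),
    ("examplbank.org", date(2025, 1, 2)),
    ("gardening-tips.com", date(2025, 1, 25)),
    ("examplebank.com", date(2010, 5, 5)),
]

if __name__ == "__main__":
    for hit in triage(FEED, date(2025, 1, 30)):
        print(hit)
```

Internationalised (punycode) names are not decoded here, so a production check would need to fold those as well.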