
Latest news with #ZscalerThreatLabz

How AI Can Transform Cybersecurity Compliance And Hardening Efforts

Forbes

31-07-2025

  • Business
  • Forbes


Sunil Kumar Puli is a System Security and Infrastructure Operations expert specializing in AI-driven compliance and hardening.

Organizations face an unprecedented challenge in 2025: balancing rapid technology adoption with increasingly complex cybersecurity compliance requirements. As regulations like the EU's Digital Operational Resilience Act (DORA) and updated NIST frameworks take effect, artificial intelligence presents a transformative solution that can significantly reduce compliance burdens while strengthening security resilience.

The Compliance Crisis

The cybersecurity landscape has become fragmented and overwhelming. According to KPMG research, 65% of organizations report low confidence in investing in new cyber technologies due to a lack of understanding or trust. Meanwhile, Zscaler ThreatLabz found that enterprises are blocking nearly 60% of AI/ML transactions, indicating that compliance concerns are causing overly restrictive approaches that hinder innovation.

Traditional compliance relies on manual processes, periodic audits and reactive remediation methods that are resource-intensive and inadequate for addressing dynamic cyber threats. According to Splunk, "While 42% of board members believe CISOs spend an extensive amount of time and effort on regulatory activities, only 29% of CISOs say that is the case." This reveals a perception gap that highlights how compliance obligations can divert security leaders from strategic initiatives, creating a cycle of reactive management that leaves organizations vulnerable.

AI As A Compliance Force Multiplier

AI offers a path toward efficient, proactive compliance management. Rather than replacing human oversight, AI serves as a force multiplier that automates routine tasks, identifies vulnerabilities before they become critical and provides real-time compliance insights across complex organizational structures. Traditional audits occur quarterly or annually, leaving vulnerability gaps between assessments.
AI-powered solutions monitor systems continuously, analyzing configurations, access patterns and data flows to identify compliance deviations in real time. Machine learning algorithms process vast amounts of log data and security metrics to detect patterns indicating potential violations, which is particularly valuable for organizations managing legacy systems alongside modern infrastructure.

Organizations struggle with patch management due to IT environment complexity. AI changes this by analyzing vulnerability data, threat intelligence and system criticality to prioritize patches automatically. Instead of relying solely on vendor severity ratings, AI weighs the organization's own context: for instance, it can rank a medium-severity patch for a public-facing service above a high-severity patch for an isolated internal system when active threat intelligence shows the former is being exploited.

The regulatory landscape evolves rapidly. Recent policy updates require organizations to adapt security practices frequently. AI helps organizations stay current by automatically analyzing new requirements and mapping them to existing security controls. Natural language processing algorithms parse regulatory documents, identify specific requirements and compare them to current compliance postures, enabling proactive gap remediation.

Implementation Strategies

Organizations should begin with high-impact, low-risk applications. Configuration management represents an ideal starting point because AI can verify system compliance with security baselines without accessing sensitive data or making autonomous changes. Security information and event management (SIEM) enhancement offers another entry point, improving threat detection accuracy while reducing false positives. Rather than implementing comprehensive solutions immediately, build capabilities gradually through pilot projects that demonstrate value and develop internal expertise.
Focus on areas where manual processes are most time-consuming and error-prone for the clearest ROI. Invest in training programs to develop both technical AI management skills and analytical capabilities for interpreting AI outputs.

Organizations must maintain transparency in AI implementations to satisfy oversight requirements. AI systems used for compliance should provide clear explanations for recommendations and maintain detailed decision logs. This transparency is essential for regulatory compliance and stakeholder trust.

Addressing Key Challenges

AI effectiveness depends heavily on data quality and integration. Organizations often struggle with siloed systems and inconsistent data formats. Before implementing AI solutions, invest in data governance and integration capabilities to ensure AI systems have access to comprehensive, accurate information. Implement data quality standards and automated validation processes.

Successfully implementing AI for compliance requires developing new skills within IT and security teams, both technical AI management skills and analytical capabilities for interpreting outputs. Address resistance through education, value demonstration and gradual implementation that builds confidence over time.

Balance AI security benefits with deployment risks. CISA guidance emphasizes applying zero-trust principles to AI systems and implementing robust governance frameworks. Conduct thorough risk assessments and implement appropriate safeguards before production deployment. For third-party AI solutions, develop comprehensive vendor management processes addressing AI-specific risks and transparency requirements.
Measuring Success

Establish clear metrics for evaluating AI implementation success:

  • Efficiency Metrics: Time required for compliance assessments, automated versus manual checks ratio and administrative burden reduction
  • Effectiveness Metrics: Proactive versus reactive violation detection percentage, remediation time and security posture improvement
  • Cost Metrics: Personnel cost reduction, decreased audit preparation time and avoided violation costs

The Path Forward

AI integration into cybersecurity compliance represents a fundamental shift toward proactive, efficient security management. As organizations face mounting pressure to protect data while managing complex regulatory requirements, AI offers a practical solution for achieving more with less. Success requires thoughtful implementation, prioritizing transparency, maintaining human oversight and gradually building confidence in AI capabilities. Organizations beginning this journey now will be better positioned for the evolving threat landscape and increasingly complex regulatory environment.

The question isn't whether organizations can afford to implement AI for compliance; it's whether they can afford not to. In an environment where cyber threats evolve rapidly and regulatory requirements become more stringent, AI represents the most promising path toward sustainable cybersecurity resilience. Leaders should view AI as a powerful amplifier of human cybersecurity capabilities rather than a replacement. By automating routine tasks, providing intelligent insights and enabling proactive risk management, AI helps organizations protect resources while serving stakeholders effectively.
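The context-aware patch prioritization described under "AI As A Compliance Force Multiplier" above (a medium-severity patch on a public-facing, actively exploited service outranking a high-severity patch on an isolated internal host), combined with the article's requirement that every recommendation carry a readable explanation, as an added Python example. This is illustrative code written for this page, not code from the article or from any vendor product; the field names, weights, tier thresholds, host names and placeholder CVE identifiers are assumptions.

```python
from dataclasses import dataclass

# Added illustrative example: a context-aware patch prioritizer with an audit trail.
# Field names, weights and thresholds are assumptions for this page, not a published
# scoring scheme; the CVE identifiers below are placeholders, not real advisories.

@dataclass(frozen=True)
class Finding:
    cve: str
    host: str
    vendor_severity: str        # vendor rating: low / medium / high / critical
    public_facing: bool         # reachable from the internet
    network_isolated: bool      # segmented, no inbound path from untrusted networks
    actively_exploited: bool    # e.g. present in a known-exploited-vulnerabilities feed
    asset_criticality: int      # 1 (lab box) .. 5 (revenue-critical)

SEVERITY_BASE = {"low": 1.0, "medium": 2.0, "high": 3.0, "critical": 4.0}

def score_with_reasons(f: Finding) -> tuple[float, list[str]]:
    """Return (priority score, human-readable factors) for one finding.
    The reasons list is the decision log an auditor can read back."""
    score = SEVERITY_BASE[f.vendor_severity.lower()]
    reasons = [f"vendor severity {f.vendor_severity}: base {score}"]
    # Exposure dominates: a reachable service multiplies risk, an isolated one discounts it.
    if f.public_facing:
        score *= 2.5
        reasons.append("public-facing: x2.5")
    elif f.network_isolated:
        score *= 0.4
        reasons.append("network-isolated: x0.4")
    # Confirmed exploitation in the wild is the strongest single signal.
    if f.actively_exploited:
        score *= 3.0
        reasons.append("actively exploited: x3.0")
    # Scale by business value of the asset (criticality 1..5 -> factor 0.6..1.4).
    factor = 0.4 + 0.2 * f.asset_criticality
    score *= factor
    reasons.append(f"asset criticality {f.asset_criticality}: x{factor:.1f}")
    return round(score, 2), reasons

def priority_score(f: Finding) -> float:
    return score_with_reasons(f)[0]

def prioritize(findings: list[Finding]) -> list[Finding]:
    """Highest score first; ties keep input order so the ranking is reproducible."""
    return sorted(findings, key=priority_score, reverse=True)

# Constructed sample findings (placeholder CVE IDs and host names).
SAMPLE = [
    Finding("CVE-0000-0001", "web-edge-01", "medium", True, False, True, 4),
    Finding("CVE-0000-0002", "build-db-07", "high", False, True, False, 3),
    Finding("CVE-0000-0003", "hr-portal", "critical", True, False, False, 5),
    Finding("CVE-0000-0004", "lab-vm-22", "high", False, False, False, 1),
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE):
        score, reasons = score_with_reasons(f)
        print(f"{score:6.2f}  {f.cve}  {f.host}  <- {'; '.join(reasons)}")
```

With the constructed sample, the medium-severity but public-facing and actively exploited finding on web-edge-01 scores 18.0 and lands at the top, while the high-severity finding on the isolated build-db-07 scores 1.2 and drops to the bottom. The reasons list returned with each score is what satisfies the transparency requirement: an auditor can see exactly which factors moved a patch up or down without trusting an opaque model.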

141 Million Data Breach Files Reveal Bank Statements And Crypto Keys

Forbes

29-07-2025

  • Forbes


141 million breached files reveal data exposed.

Update, July 29, 2025: This story, originally published on July 28, has been updated with additional information from the Anatomy of a Data Breach report that analyzed 141 million compromised files from 1,257 breach incidents, along with data from a newly published Zscaler threat report.

It is a sad reflection of the times, as far as data breaches and leaks are concerned, that news of an analysis of 141 million files from 1,257 breaches, including ransomware attacks, hardly registers as a large number. At least not in the context of aggregated criminal databases containing 16 billion login credentials, or the recent news of 184 million plaintext passwords found online. The truth is that with the availability and ease of use of infostealers-as-a-service, which cost hackers as little as $30 a month to rent, you can only expect these numbers to grow. The importance of the 141 million files, however, lies not in the overall number but in the data contained within. What is being claimed as the 'biggest ever content-level analysis of breached datasets' has revealed just how concerned everyone should be.

The Biggest Content-Level Data Breach Analysis

In its Anatomy of a Data Breach report, Lab 1 has compiled the results of what it says is the biggest content-level analysis of data breach files ever. The analysis, based on 141,168,340 records included in a total of 1,297 ransomware and data breach incidents, reconstructed from 'forensic acquisitions of compromised systems,' according to Lab 1, is worthy of note because it didn't just look at dumps of structured data, which ordinarily focus on credentials above all else. Instead, Robin Brattel, Lab 1 CEO, said, the analysis 'focused on the huge risks associated with unstructured files that often hold high-value information, such as cryptographic keys, customer account data, or sensitive commercial contracts.'
And, oh boy, did it reveal those huge risks, and then some. 'With cybercriminals now behaving like data scientists to unearth these valuable insights to fuel cyberattacks and fraud, unstructured data cannot be ignored,' Brattel warned. Organizations simply must understand what kind of information has been leaked in any data breach, and beyond that, how it can be used in ongoing attacks and exactly who could be impacted.

Data Breach Demand Is Fuelling Ransomware Attack Growth

Another in-depth analysis, this time published by Zscaler ThreatLabz on July 29, the 2025 Ransomware Report, has revealed the extent to which compromised data is now driving the ransomware attack landscape. 'Ransomware tactics continue to evolve, with the growing shift toward extortion over encryption as a clear example,' said Deepen Desai, cybersecurity executive vice president at Zscaler. 'GenAI is also increasingly becoming part of the ransomware threat actor's playbook, enabling more targeted and efficient attacks.'

The demand for data is undoubtedly driving the steady growth in ransomware attacks, although 'steady growth' could be something of an understatement according to the latest Zscaler ThreatLabz analysis. Zscaler cloud protections have seen a 146% year-over-year increase in blocked ransomware attacks, a rate the researchers describe as alarming. 'This escalation reflects a strategic shift,' the researchers concluded, in that 'ransomware groups are increasingly prioritizing extortion over encryption.' That has meant a 92% 'increase in the total volume of exfiltrated data by 10 major ransomware groups in the past year.' In numbers, the report said this meant a rise from 123 TB to 238 TB.
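Content-level triage of an unstructured breach dump for the kinds of high-value material the Lab 1 report describes (cryptographic keys, cloud credentials, bank account and card data, contract language), and for answering the question the article poses, namely what was actually in the leaked files, as an added Python example. This is illustrative code written for this page, not Lab 1's or Zscaler's tooling; the detector patterns, weights, tier thresholds and the sample files are constructed for illustration, and the only "real-looking" values used are well-known published test values.

```python
import re

# Added illustrative example: content-level triage of an unstructured breach dump.
# Detector patterns, weights and tiers are assumptions chosen for this page; the
# sample files are synthetic and contain only well-known test values.

# Constructed sample "dump": path -> file contents.
SAMPLE_FILES = {
    "backup/id_rsa": (
        "-----BEGIN OPENSSH PRIVATE KEY-----\n"
        "b3BlbnNzaC1rZXktdjEAAAAA\n"
        "-----END OPENSSH PRIVATE KEY-----\n"
    ),
    "ci/deploy.env": "AWS_ACCESS_KEY_ID=AKIAEXAMPLEKEY000001\nAWS_SECRET_ACCESS_KEY=notarealsecret\n",
    "finance/statement-2024-11.txt": (
        "Account holder: J. Example\n"
        "IBAN DE89370400440532013000\n"   # standard example IBAN
        "Card 4111111111111111\n"         # standard test card number
    ),
    "legal/msa-draft.txt": "MASTER SERVICES AGREEMENT\nThis agreement is CONFIDENTIAL and subject to the NDA.\n",
    "misc/readme.txt": "Nothing to see here.\n",
}

# (label, pattern, weight): weight is how bad a single hit is, 10 = worst.
DETECTORS = [
    ("private_key", re.compile(r"-----BEGIN (?:[A-Z ]+ )?PRIVATE KEY-----"), 10),
    ("cloud_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), 9),
    ("iban", re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b"), 7),
    ("contract_language", re.compile(r"\b(?:non-disclosure|NDA|confidential)\b", re.I), 3),
]
CARD_CANDIDATE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn check-digit validation, used to cut false positives on long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def triage_file(path: str, text: str) -> dict:
    """Classify one file; returns its worst-case tier plus every detector hit."""
    hits = []
    for label, pattern, weight in DETECTORS:
        count = len(pattern.findall(text))
        if count:
            hits.append((label, count, weight))
    # Digit runs only count as card numbers if they pass Luhn.
    cards = [re.sub(r"[ -]", "", m.group()) for m in CARD_CANDIDATE.finditer(text)]
    valid = [c for c in cards if luhn_ok(c)]
    if valid:
        hits.append(("payment_card", len(valid), 8))
    score = max((w for _, _, w in hits), default=0)
    tier = "critical" if score >= 9 else "high" if score >= 7 else "review" if score else "low"
    return {"file": path, "tier": tier, "score": score, "findings": hits}

def triage_dump(files: dict) -> list[dict]:
    """Worst files first, so responders start with keys and credentials, not contracts."""
    return sorted((triage_file(p, t) for p, t in files.items()),
                  key=lambda r: r["score"], reverse=True)

if __name__ == "__main__":
    for r in triage_dump(SAMPLE_FILES):
        print(f"{r['tier']:8} {r['file']:32} {r['findings']}")
```

Run against the constructed dump, the private key and the cloud access key ID come out as critical, the bank statement as high (IBAN plus a Luhn-valid card number), the contract draft as review-only, and the readme as low. Two caveats a responder should keep in mind: keyword and format matching misses high-entropy secrets such as the AWS secret access key in the same .env file, so pair it with an entropy-based detector in practice, and a hit only tells you what kind of data leaked, not who is affected; that still needs someone to read the file.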

These Hackers Use Your GPU To Load Password-Stealing Malware

Forbes

28-03-2025

  • Forbes


Never underestimate hackers' ingenuity. I learned this very early on in my hacking career, and it's as accurate now as it was in the late 1980s. What's more, this mantra unfortunately applies to hackers of the criminal variety as well as those who do so much good work. Remember, hacking is not a crime until it is.

A case in point is the deployment of infostealer malware: the software being used by so many cybercriminals to compromise credentials, leading to account theft as well as vast quantities of stolen passwords being traded on the dark web. The latest example is the CoffeeLoader malware family, which executes code on the system GPU in order to evade detection.

Graphics cards and the software surrounding them are not a new target for cybercriminals. Whether it's security vulnerabilities in GPU display drivers or virtual GPU software, you can bet your bottom dollar that hackers are looking for ways to exploit this powerful part of your system. Infostealer malware attacks that use the GPU are not something I have come across before, at least not to my failing old-man memory. However, the CoffeeLoader hackers seem to be employing just this methodology to launch attacks.

In a March 26 posting, Brett Stone-Gross, senior director of threat intelligence at Zscaler, detailed precisely how the CoffeeLoader malware family is being deployed with the help of your graphics card. The whole purpose of CoffeeLoader is to evade detection and bypass security protections in order to download and execute second-stage payloads, the infostealers in question. CoffeeLoader achieves this by employing a sophisticated packer that utilizes the GPU, as well as call stack spoofing and sleep obfuscation. 'The loader leverages a packer, which we named Armoury,' Stone-Gross said, 'that executes code on a system's GPU to hinder analysis in virtual environments.'
The use of packers is typical of malware families, but the unpacking of the samples they contain is rarely mentioned in security reports because, well, it's pretty boring and largely of little importance in the broader scheme of things. That is not the case with CoffeeLoader, thanks to a clearly distinguishable packer that leverages the GPU to execute the initial malware code and so complicates threat analysis. Zscaler ThreatLabz named this packer Armoury 'because it impersonates the legitimate Armoury Crate utility created by ASUS.' Zscaler has said that CoffeeLoader has been observed being deployed with SmokeLoader, which is sold as a crimeware kit that includes password stealing as part of the package. SmokeLoader was subject to law enforcement disruption in 2024, having been active for many years, but apparently that hasn't killed it off.
