LAS VEGAS (KSNV) — The advancement of artificial Intelligence is helping cyber criminals hack businesses, according to a cybersecurity expert.
Dasha Davies is the president and chief information security officer for Stealth ISS Group, a 25-year-old cybersecurity consulting, audit, and risk company protecting businesses from being hacked. She said the rise in technology is allowing hackers to leverage the same AI tools to avoid security tools and access sensitive information.
“Since we got AI, it’s not if we’re going to be hacked, but when,” Davies said. “AI makes it a lot easier and quicker, and faster. “You can, today, record somebody’s voice for 15-20 seconds, and you go to a commercially available online tool – probably pay $50 bucks for a monthly subscription – you upload that voice, and you can literally create a phone call. You type in whatever you want that voice to say.”
She said hackers are utilizing social engineering to pretend to be somebody they are not to gain important information, like a password to access a business.
“AI is now being used to actually take a picture or video, and most of us have YouTube videos out there. You can literally create that picture or create a video from something that is publicly available and play it to somebody. Make a Zoom call.”
She said Las Vegas remains a prime target for cyber criminals because of the amount of personal information collected by businesses, including casinos.
MORE ON NEWS 3 | Teen accused in Las Vegas cyberattack released under strict conditions
“Personal information on the black market is big, so this is a perfect target,” Davies said. “Me working here, or us working here in Vegas, I am aware of some of the clients that we work with that were breached, that never made the news, and there are plenty of them.”
She said these include insurance, healthcare, education, and manufacturing.
Two years ago, MGM Resorts International and Caesars Entertainment were hacked between August and October. Law enforcement arrested a 17-year-old from Illinois last week, who appeared in juvenile court on Wednesday. A judge released the teenager from custody under strict conditions after prosecutors accused the defendant of causing $200 million in damages to MGM.
The court is still determining whether the case will remain in the juvenile system or move to the adult criminal system.
Davies said hackers can be as young as 13 or 14 years old, and some countries may start training them in schools by 8 years old for cyber espionage.
“Our adversaries, China, Russia, North Korea, they’ve got proper academies where they focus on really developing these people to go against the U.S., to go against to hack us,” Davies said.
She said the best way anyone can protect themselves is by changing passwords to all accounts every six months in case a business is hacked. Regarding some businesses storing personal information, she said the public can not trust that it will be safe.
“I’ve seen it from small businesses to huge enterprises; there are always gaps,” Davies said. “Nothing in cyber is perfect. You cannot protect yourself. There is no guarantee.”
She said a business using a cloud provider does not mean it’s protected.
“We’re trying to educate the users and the business as well, to understand just moving it from your office into the cloud doesn’t change anything,” Davies said. “It actually makes it worse, because you really do not know the cloud. Where is it, who owns it, who manages it?
MORE ON NEWS 3 | Boyd Gaming reveals employee info breached in cyberattack
She recommended that businesses move away from cloud storage for important information.
“As a cyber security person, I would prefer we’d go away from the cloud, at least for the critical items, and keep them local,” Davies said.