🔐 How AI Rules Are Changing Security

Fines, leaks, and hacks—key cyber updates

Welcome to your essential briefing on threats at the intersection of cybersecurity and critical infrastructure, brought to you by Neeve, the edge cloud security platform for smart buildings, making built spaces secure, intelligent, and sustainable.

This Week’s Cyber Insights

As AI becomes integral to cybersecurity operations, regulatory frameworks are rapidly emerging to govern its use, creating both challenges and opportunities for security leaders.

  • Governments worldwide are introducing AI regulations focused on transparency, accountability, data protection, and ethical use.

  • Security leaders must balance innovation with compliance, requiring collaboration between legal, technical, and operational teams.

  • Critical compliance factors include data privacy controls, algorithmic transparency, bias prevention, incident reporting procedures, and continuous monitoring.

  • Organizations need dynamic governance structures to oversee AI deployments and integrate compliance checks throughout development and operations.

  • Regular staff training on regulatory requirements and ethical AI use is essential for maintaining compliance.

🤔 The Bigger Picture:

Forward-thinking security leaders should view regulations not as constraints but as catalysts for stronger practices. Organizations that proactively incorporate regulatory requirements into risk management, invest in explainable AI tools, and engage with regulators will gain competitive advantages. Embracing a culture of ethical AI use enhances reputation and customer trust while reducing both regulatory and cyber risks.

The global cybersecurity community nearly faced a catastrophic disruption as funding for the critical Common Vulnerabilities and Exposures (CVE) database almost expired last week.

  • MITRE announced that government funding for the CVE database was set to expire on April 16, threatening "deterioration of national vulnerability databases" and critical infrastructure.

  • The CVE program has cataloged over 274,000 security flaws since 1999 and serves as the universal standard for tracking vulnerabilities worldwide.

  • CISA executed a last-minute 11-month contract extension, temporarily averting the crisis but highlighting significant systemic risks.

  • Industry experts compare CVE to "the Dewey Decimal System for cybersecurity," essential for coordinated global security responses.

  • This isn't the first funding crisis; similar issues occurred last summer when insufficient resources hampered management of new vulnerabilities.

🤔 The Bigger Picture:

This near-shutdown reveals dangerous fragility in our global security infrastructure. Organizations should monitor developments with the new CVE Foundation, which aims to eliminate this single point of failure in vulnerability management. Security teams should consider exploring alternative vulnerability tracking systems and linked data technologies as contingency plans for potential future disruptions.

Ghost Ransomware (also known as Cring) has emerged as one of the most dangerous ransomware variants operating globally, combining sophisticated encryption with aggressive extortion tactics.

  • The FBI and CISA issued a joint advisory in February 2025 warning about Ghost's escalating global campaign across 70+ countries.

  • Ghost operates with remarkable speed, completing attack cycles from breach to encryption in under 24 hours—significantly faster than groups like Conti or LockBit.

  • BlackFog researchers attribute the malware to a financially motivated cybercriminal gang operating from China using various dark web aliases.

  • The attackers deliberately target organizations struggling with "patch fatigue"—those with overwhelmed IT teams unable to keep pace with vulnerability updates.

  • Ghost employs a double-extortion model, threatening both permanent encryption and public release of stolen data to maximize pressure for ransom payments.

🤔 The Bigger Picture:

Ghost's technical sophistication and rapid attack methodology create extraordinary challenges for organizations worldwide. Security teams must prioritize patching of internet-facing systems, implement robust detection capabilities, and establish comprehensive incident response plans. With attacks completing in under 24 hours, traditional security approaches that rely on human intervention may prove inadequate against this emerging threat.

Financial institutions worldwide face unprecedented ransomware threats, with new data exposing the staggering economic impact of these increasingly sophisticated attacks.

  • The average cost of data breaches in the banking sector has reached $6.08 million per incident, marking a 10% increase from the previous year.

  • Approximately 3,348 documented attacks globally targeted banking infrastructure in 2024 using multi-stage attack methodologies.

  • Ransomware operators have shifted to "triple extortion" methods, combining encryption, data theft, and DDoS attacks for maximum leverage.

  • Banks experiencing ransomware attacks face an average detection and containment timeframe of 258 days, with affected institutions typically seeing a 2.3% stock price decline within four days, extending to 4.6% over two months.

  • Initial infection vectors frequently involve compromised financial document templates containing embedded macros that establish PowerShell backdoors.

🤔 The Bigger Picture:

The banking sector faces uniquely targeted attacks designed to exploit specialized financial systems and maximize pressure for payment. This industry-specific threat requires tailored defenses beyond standard ransomware protection. Organizations should implement advanced threat hunting, network segmentation, and privileged access management specifically designed for financial environments. Regular incident response testing using banking-specific ransomware scenarios is essential, because the erosion of customer trust after a breach leads to significant account closures within six months.

Further Alerts & Insights

📰 AI's Dual-Edged Security Impact

A comprehensive analysis reveals AI's evolving role in both defensive and offensive security operations. While AI enhances threat detection, phishing prevention, and incident response for defenders, threat actors are leveraging it for credential theft, disinformation campaigns, and malware development. The most underestimated risk may be LLMs themselves becoming attack surfaces when deployed as interfaces to critical systems—similar to web applications in the 2000s.

📰 NGFWs Evolve for AI Threat Era

Next-generation firewalls are transforming to counter AI-powered attacks in hybrid cloud environments. Modern NGFWs now require AI detection engines, real-time threat intelligence, and protections against AI-specific vulnerabilities like prompt injection and data poisoning. Organizations should assess if their firewalls can protect across all platforms and adapt to rapid cloud content changes.

📰 Exchange & SharePoint Under Active Attack

Microsoft warns of escalating attacks against on-premises Exchange and SharePoint servers using sophisticated NTLM relay techniques and stealthy persistence methods. The company has integrated the Windows Antimalware Scan Interface (AMSI) to detect threats in real time, but organizations must still patch systems urgently and enable Extended Protection for Authentication where possible.

📰 "Slopsquatting" Exploits AI Coding Hallucinations

A new attack called "Slopsquatting" targets AI coding tools that recommend non-existent packages (about 20% of suggestions). Attackers register these hallucinated package names to distribute malicious code, with open-source models being more vulnerable than commercial ones. These convincing fake names create a persistent security risk for developers relying on AI-generated code recommendations.
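
One way to gate AI-suggested dependencies before anything is installed, shown as an added example that is not part of the original newsletter: every suggested name is normalized and checked against a reviewed allowlist, and unknown names are blocked with a hint when they sit close to an approved one. The allowlist, the sample requirement lines and the function names `vet` and `normalize` are constructed for illustration.

```python
import re
from difflib import get_close_matches

# Constructed allowlist: names a team has already reviewed and pinned
# (in practice, read from a lockfile or an internal package index).
APPROVED = {"requests", "numpy", "python-dateutil"}

# Constructed sample: requirement lines as pasted from an AI assistant.
SUGGESTED = """\
requests>=2.31
Python_DateUtil==2.9.0
numpyy
example-http-retry-toolkit[fast]>=1.0  # hypothetical, made-up name
# a comment-only line
"""

_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")

def normalize(name):
    """PEP 503 normalization, so 'Python_DateUtil' equals 'python-dateutil'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def vet(requirements_text, approved=APPROVED):
    """Return {normalized_name: (verdict, nearest_approved_or_None)}."""
    approved_norm = {normalize(a) for a in approved}
    results = {}
    for line in requirements_text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        match = _NAME.match(line)
        if not match:
            results[line] = ("unparseable", None)
            continue
        name = normalize(match.group(1))       # extras and versions ignored
        if name in approved_norm:
            results[name] = ("approved", None)
        else:
            # Unknown name: block it, and hint if it resembles a reviewed one.
            near = get_close_matches(name, sorted(approved_norm), n=1, cutoff=0.8)
            results[name] = ("blocked", near[0] if near else None)
    return results

if __name__ == "__main__":
    for name, (verdict, hint) in vet(SUGGESTED).items():
        note = f" (closest approved: {hint})" if hint else ""
        print(f"{verdict:9} {name}{note}")
```

Blocking by default matters here because a hallucinated name that an attacker has since registered will resolve and install cleanly, so existence on a public index is not evidence that a package is safe.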