T-Mobile & Verizon Employees Targeted, U.S. AI Safety Institute Bolsters Leadership Amid Controversy

[00:00:00] It's Thursday, April 18, 2024 and I'm Dave Sobel. Three things to note today.

[00:00:08] T-Mobile and Verizon employees are targeted in a bribery scheme for SIM swaps,

[00:00:13] DNH distributing boosts credit for over 600 SMB channel partners to fuel their growth,

[00:00:20] and the U.S. AI Safety Institute bolsters its leadership with top experts from Open AI in

[00:00:26] Stanford but not without controversy. This is the Business of Tech.

[00:00:33] With as many breaches and security concerns as I report on this show, it should be obvious that

[00:00:37] cybersecurity is not just about technology, but also the human expertise needed to interpret

[00:00:43] and respond to complex threats. Huntress is focused on elevating SMBs and MSPs around the worry.

[00:00:51] Huntress has a suite of fully managed cybersecurity solutions powered by a 24x7 human-led SOC,

[00:00:58] dedicated to continuous monitoring, expert investigation and rapid response.

[00:01:03] And the proof is the execution. Huntress is the number one rated EDR for SMBs on G2.

[00:01:12] Want to know more about the platform? Visit huntress.com.mspradio to learn more.

[00:01:18] Criminals are targeting T-Mobile and Verizon employees with text messages offering $300 for

[00:01:26] performing SIM swaps. The messages claim to obtain contact information from an employee

[00:01:32] directory. Charter communications employees have also reported similar texts. T-Mobile is

[00:01:38] investigating the messages but denies suffering a breach. SIM swap attacks can lead to unauthorized

[00:01:45] access, identity theft and financial losses. The FBI has warned about the increasing prevalence of

[00:01:51] SIM swap attacks and introduced new rules to protect consumers. The Lockbit ransomware as a

[00:01:57] service group has targeted an organization in West Africa using a new variant of the Lockbit 3.0

[00:02:04] Builder. This variant can generate custom self-propagating ransomware that's difficult

[00:02:10] to defend against. The attacker has used stolen credentials to gain full control of the victim's

[00:02:15] infrastructure. Lockbit 3.0 has been actively used by attackers since it was leaked in 2022

[00:02:22] as responsible for a significant number of ransomware attacks.

[00:02:26] Academics from the University of Illinois or Bona-Chimpay have found that Open AI's GPT-4

[00:02:32] large language model can autonomously exploit real-world vulnerabilities in systems

[00:02:37] by reading security advisories. GPT-4 exploited 87% of vulnerabilities described in CBE

[00:02:46] advisories compared to 0% for other models tested. The researchers believe future models will be

[00:02:52] even more capable, potentially surpassing KITI's current SIST levels. Limiting the public

[00:02:59] availability of security information is not seen as a viable defense against LLM agents and proactive

[00:03:06] security measures such as regular package updates are encouraged. Why do we care?

[00:03:14] This story has been lingering in my head. The risk of a bribe is so pervasive and now so easy. Think

[00:03:20] about that in your own employee base. On top of that, we have ransomware that can self-propagate

[00:03:25] and AI models that can soon leverage security research to exploit those vulnerabilities quickly.

[00:03:32] Basic security hygenes, patching backups and authentication are going to become increasingly

[00:03:38] difficult potentially to the exclusion of focusing on anything else for most organizations.

[00:03:44] Planning for when is the new black?

[00:03:49] Let's review the tactical news. Microsoft plans to allow solution providers in its

[00:03:54] cloud solution provider program to transfer end customers new commerce experience subscriptions

[00:04:00] from one partner to another, providing greater flexibility and a smoother experience for partners

[00:04:05] and customers. The change applies to direct bill and indirect providers and the transfer can only

[00:04:11] be done for CSP license and seat based subscriptions. This update addresses a major issue that's

[00:04:18] affected some solution providers since the rollout of the NCE program.

[00:04:23] Amazon has announced the availability of Anthropic Clawd 3 Opus on Amazon Bedrock,

[00:04:28] along with Clawd 3, Saabit and Haiku. The Clawd 3 models are suitable for automating tasks,

[00:04:34] creating user-facing applications and accelerating research and development in various sectors.

[00:04:39] DNH distributing has increased credit limits for over 600

[00:04:43] SMB channel partners in North America, giving them greater purchasing capabilities for larger

[00:04:49] projects and market expansion. These credit line extensions and extended financing options

[00:04:54] aim to support VARs and MSPs in areas such as AI, cloud services, security and collaboration products.

[00:05:01] This marks DNH's largest annual credit extension in the company's history,

[00:05:06] totaling $400 million for fiscal year 2024.

[00:05:11] GUARDS has established a strategic partnership with AI security company Sentinel-1,

[00:05:16] which includes an investment from Sentinel-1's venture fund, S Ventures.

[00:05:21] GUARDS and Sentinel-1 will collaborate on technological advancements and go-to-market

[00:05:25] strategy to empower MSPs to serve SMB clients against cyber threats.

[00:05:30] Sonomi has raised $20 million in funding led by Canon, with participation from Flint, S16V,

[00:05:37] and Alonic. Sonomi's AI-powered VCIO platform automates the SISO experience for MSPs and MSSP's,

[00:05:45] allowing them to scale their businesses and offer high-level cybersecurity services.

[00:05:50] The funding will also help expand their operations, enhance their platform and deepen partnerships.

[00:05:56] Why do we care? Sentinel-1 really does deals with everyone, don't they? I can't help but trip over

[00:06:02] a way to buy from them. Broad distribution is good for Sentinel-1, but less for all their partners.

[00:06:10] Remember that trade-off, it loses its unique nature. Now focus on DNH, which reminds me of the

[00:06:17] value of financial partners. The pandemic reinforced this as a significant value at,

[00:06:22] and I wanted to highlight how money is available for partners who need it and also,

[00:06:27] never be the bank for your customers.

[00:06:32] The U.S. AI Safety Institute, hosted in the National Institute of Standards and Technology,

[00:06:37] has added five new members to its leadership team. The new members, including experts from

[00:06:42] OpenAI, Stanford University and the White House Office of Science and Technology Policy,

[00:06:47] will help execute tasks outlined in President Joe Biden's executive order on AI.

[00:06:52] They will focus on designing and testing AI models, overseeing agency operations,

[00:06:56] implementing broader agency strategy, and fostering international cooperation.

[00:07:02] Ours, Technica Profile-1, Paul Cristano, a former OpenAI researcher known for his work

[00:07:07] on AI safety and his predictions of potential AI doom, has been appointed as the head of AI safety

[00:07:13] at the U.S. AI Safety Institute. While some view his appointment as a risk due to his AI doomer views,

[00:07:21] other believe his expertise makes him well suited for the role. The appointment has

[00:07:25] sparked controversy within NIST, with some staff members expressing concerns about compromising

[00:07:31] the institute's objectivity and integrity. His responsibilities will include monitoring

[00:07:36] current and potential risks, conducting tests of AI models, and implementing risk mitigations.

[00:07:43] Now why do we care? If you haven't said something controversial, you haven't said anything

[00:07:48] interesting. I'm going to take a wait-and-see approach here and note he's one of five

[00:07:52] new voices to move the lines from the strategic goals set forth in President Biden's order,

[00:07:57] which aims to establish leadership, reduce risks, foster cooperation in developing and

[00:08:02] deploying AI technologies. And where are the best places for arguments like this? NIST.

[00:08:12] Today's episode is supported by CoreView. Your customers need your Microsoft 365 expertise,

[00:08:18] and CoreView has the only M365 management platform designed for MSPs. Manage hundreds of

[00:08:25] tenants, automate manual tasks, and monitor compliance, all while intelligently comparing

[00:08:30] to the baseline. With a no-coat control approach, CoreView revolutionizes your Microsoft 365

[00:08:36] administration. This powerful platform enables automatic reporting and remediation, ensuring

[00:08:42] optimal performance and security. The best part? You achieve this high level of service without

[00:08:48] the need for a large workforce, allowing you to focus on growing your business through

[00:08:53] efficiency. Want to know more? Visit coreview.com slash msp and find out more.

[00:09:01] Thanks for listening. Today is Adult Autism Awareness Day, so I'm doing my part to make you aware.

[00:09:09] Have a question you want answered? We take those lists or questions, send them ideally as a voice

[00:09:14] member or video to question at mspradio.com. I answer all those lists or questions live

[00:09:19] each week on our Wednesday live show on YouTube and LinkedIn. Next week, 3pm Eastern. And

[00:09:24] if you got a comment or a thought, I do want to hear from you. Put it in the comments

[00:09:28] if you're on YouTube, reach out on LinkedIn if you're listening to the podcast. Talk to you again

[00:09:33] tomorrow. The business of tech is written and produced by me, Dave Sobel, under ethics guidelines,

[00:09:40] post it at businessof.tech. If you like the content, please make sure to hit that like button,

[00:09:46] follow or subscribe. It's free and easy and the best way to support the show

[00:09:51] and help us grow. You can also check out our Patreon where you can join the business

[00:09:56] of tech community at patreon.com slash mspradio or buy our Why Do We Care merch at businessof.tech.

[00:10:05] Finally, if you're interested in advertising on the show, visit mspradio.com slash engage.

[00:10:12] Once again, thanks for listening to me and I will talk to you again on our next episode

[00:10:17] of The Business of Tech. Part of the MSP Radio Network.