Ekoparty Miami, day 2: more hacks with AI, millionaire fraud in Brazil and the cyber influencer who conquers Instagram

As on the first day, the auditorium of the Loews Hotel, in South Beach Miamibegan to fill up only half an hour after the official opening, scheduled for 9. In the United States, where large cybersecurity conferences are usually extremely punctual, the start had a more Latin seal.

That informality, however, worked in their favor: before each talk, the speakers mingled with the public and talked with the attendees, a closeness that is difficult to find in much larger scale events, such as Black Hat o RSA.

This time, the opening was in charge of Aaron Portnoyindustry leader and creator of one of the best-known hacking competitions in the world, Pwn2Own. Later, two talks stood out: one about a million-dollar fraud in Brazil and another about how to add new voices in cybersecurity, by Caitlin Sarian, known influencer (“Cybersecurity Girl”) del ambiente.

Portnoy spoke with Clarion about how the defensive landscape changes in the face of AI-accelerated attacks and why companies and governments need to review tools, regulations, talent and design of their security environments.

One of the most discussed topics in today’s technological world is no longer artificial intelligence as a concept, but rather the well-known “agents”: bots that can automate tasks. It is one thing to use AI to assist in hacking systems and another for an AI to autonomously compromise a third party.

“For years, automated attacks hit the same limitation: software could get in, but a human had to be on the other side deciding what to do next. The human was both the bottleneck and the signal that defenders watched, because every instruction had to cross the edge of the network. AI removes that limitation, allowing for faster, broader, and deeper compromises at scale. This is going to make breaches happen more frequently and at a pace the industry cannot today. assimilate,” Portnoy explained.

This does not imply a kind of magic around an attack, but rather having less dependence on a human operator to decide each step of an attack. To illustrate it, Portnoy cited the Italian philosopher and political theorist Antonio Gramsci: “The old did not finish dying, the new could not be completely born.”

In cybersecurity, many traditional tools work with predefined rules, known threats, and response manuals. This model serves to detect behaviors already seen or relatively foreseeable incidents, but Portnoy warns that AI attacks force us to think about another design. And this forces companies and governments to think differently.

“The most common mistake right now is to assume that AI-enabled attacks can be handled with yesterday’s rules,” he explained to this medium. For Portnoy, many companies are incorporating artificial intelligence into products designed for previous threats, one of the reasons why they are hacked.

“Companies and governments should take a step back and consider tools capable of reading specific AI behaviors at high speed. They also need teams with both offensive and artificial intelligence knowledge and, above all, defensive environments designed for this new type of threat,” he said.

Outside of the fashionable term, Brazilian researcher Jefferson Macedo chose to focus on a much more basic problem: routers modified by hackers and social engineering as a technique to enter systems. “With my talk they will not be able to sing bingo to say artificial intelligence”he joked.

The analyst reconstructed a real case against financial companies in Brazil. According to what he told Clarionhis team has been tracking the same threat actor for “more or less three or four years.”

“The idea is to share a little about a real case that we are working on in Brazil. We have been accompanying them since when they began to attack a specific company and then expanded the attack to other companies in the Brazilian financial sector,” he explained. The latest case, he said, involves about $15 million.

The affected company is kept under reserve. “We need to keep it hidden to maintain the work, as well as other data. But, as far as possible, we are sharing information with some authorities, it is part of everything we are doing to try to capture them,” he said.

Macedo clarified that the attack did not come from the home router of a common user, but from devices placed inside branches of companies that provide financial services. But the most interesting thing is that, according to what he said, the entry combined in-person deception and technical manipulation. “They started working with home routers and in recent years they mutated to working with social engineering to enter company networks,” he summarized.

According to Macedo, the talk sought to mark a counterpoint with the dominant climate of the industry: beyond the advance of artificial intelligence, many intrusions continue to work because organizations still fail in basic controls. “We are talking about AI and a lot of advanced things, but people are not adopting the simple: a second authentication factora second layer of authentication or having a very well configured antivirus,” he said.

“We must assume that attackers are using AI, but again, “We need to take care of the basics”hill.

In another of the talks of the day, Caitlin Sarianknown in networks as “Cybersecurity Girl”, led the discussion towards a less technical but central problem for the industry: how to communicate security risks to users who do not speak the language of specialists.

Sarian has an unusual profile in the industry: she worked in the area of ​​cybersecurity and awareness at TikTok and today combines the work of educator, speaker and cybersecurity influencer. Built a massive audience with simple online safety tips: amassed millions of followers across platforms, with a strong presence on Instagram, TikTok and LinkedIn.

His starting point was that many awareness campaigns they fail before they start because they use words that expel the public. According to Sarian, talking about “cybersecurity”, “smishing”, “quishing” or “phishing” can be useful among experts, but it loses effectiveness when the recipient is a common user. “They lost you in the word cyber,” he said during the talk, explaining why he prefers to talk directly about “scams.”

The idea ran through his entire presentation: for a tip to work, First it has to be understandable and close. Sarian compared that problem to what he called “professional forgetfulness.” Those who work in security have already learned to “walk” within the subject, but they often forget what it was like. when they were just starting to “crawl”. That point, he maintained, explains why so many prevention messages end up being designed from the expert’s logic and not from the user’s real need.

It also made a difference between inform and scare. For Sarian, talking about a risk without offering concrete action only adds noise. “We don’t need to scare people just for the sake of scaring,” he said. Their rule is to avoid the emergency tone if the user cannot do anything with that information. Instead, he proposed building messages that allow action: change passwordsactivate verifications or recognize a scam before responding.

Sarian was recognized as a “cyber woman and educator” in 2024, in addition to having spoken at niche conferences such as the Middle East edition of Black Hat in Saudi Arabia.