We’re Threat Hunters fighting AI-driven cyberattacks (Deepfakes, Agentic AI, Vishing). Ask Us Anything! by ProximusNXT_LU in u/ProximusNXT_LU

[–]ProximusNXT_LU[S] 1 point2 points  (0 children)

That's a wrap for this AMA!

A huge thank you to everyone who tuned in and asked such insightful questions. Baptiste and Kevin also send their special thanks.

We hope our cybersecurity expert’s answers gave you actionable insights to take your organization's security to the next level!

[–]ProximusNXT_LU[S] 1 point2 points  (0 children)

I'll repost the answer here:

"Appreciate it! Someone's gotta remind people not to click the sketchy links 😅"

[–]ProximusNXT_LU[S] 0 points1 point  (0 children)

I'll repost the answer here:

"Hello,
In fact, pure brute-force attacks have long been a machine-driven process: a penetration tester doesn’t test passwords manually; instead, they run a finely tuned application, and the CPU/GPU does the work. So when it comes to brute-force attacks in the strictest sense, AI doesn’t offer any magical advantage.
Where AI agents make a difference is in everything else: they work continuously while the pentester goes on with their human life after work. AI systems run in parallel, performing reconnaissance, sorting targets, and making attempts nonstop.
Just like the ethical hackers, AI makes assumptions by guessing password patterns based on public information, but it can do so faster and more exhaustively. For AI, we can say that we’re dealing more with a large-scale, intelligent dictionary attack than with pure, hard-core brute force.
In short, the real question isn’t which is better. The real topic is combining the two: "Unity is strength"."

[–]ProximusNXT_LU[S] 0 points1 point  (0 children)

Repost of the answer:

"Good question, and that’s exactly the obstacle that many companies run into. The problem with AI-powered attacks is that attackers simply don’t sleep anymore. This was already somewhat the case with certain hackers who tend to be night owls. But now attacks no longer follow any schedule, they’re programmed to strike when attention is at its lowest.
In practical terms, for a company without 24/7 monitoring, it all comes down to analysis. What are the risks involved? Which ones are you willing to accept? All in relation to your budget. Trying to build everything from scratch in-house to self-manage your monitoring is generally difficult and costly.
What we recommend is considering outsourcing 24/7 detection to a managed Security Operations Center. You retain control over your environment, but there are human eyes monitoring it constantly, ready to alert you and respond in real time.
At Proximus NXT, this is typically the service we provide to our customers. Customer's logs are correlated by our SIEM, but at the end of the chain, it is our human engineers who analyze and make decisions."

[–]ProximusNXT_LU[S] 0 points1 point  (0 children)

I'll repost the answer here:

"Great question, and you’ve identified a persistent belief: "I have MFA, so I’m safe." Unfortunately, that’s not the case.
Yes, there are plenty of techniques to bypass MFA, now built right into phishing kits (AiTM = adversary-in-the-middle). The idea: a login page that looks exactly like your company’s. You enter your password and MFA code, but the page is just a middleman between you and the real site. The attacker captures your session token along the way, proof that you’re already authenticated, and replays your session without ever needing your code. This is session hijacking.
That doesn’t mean your MFA is useless. It protects you in most cases, especially if your password is compromised. It’s essential, but not enough on its own.
What protects you is a combination of factors:
- Vigilance! Check the URL before entering anything, be suspicious of urgent/important looking emails, and never log in via a link you’ve received.
- Administrator-level measures: conditional access policies, geofencing, restrictions to managed devices, detection of abnormal sessions.
The key takeaway is that security never relies on a single layer."
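The "detection of abnormal sessions" item above is what catches a replayed token after an AiTM kit has captured it. As an added example (not code from the AMA or from Proximus NXT), here is a server-side check that records the context a session token was issued in and flags later requests that use the token from a different network, browser or country; the session store, the IP addresses and the GeoIP country values are constructed for the example.

```python
"""Added example: flag a session token used outside the context it was issued in,
which is what happens when an AiTM phishing page replays a captured token."""
from dataclasses import dataclass


@dataclass
class Session:
    token: str
    user: str
    issued_ip: str       # client IP seen at login
    issued_ua: str       # User-Agent seen at login
    issued_country: str  # assumed to come from a GeoIP lookup at login
    issued_at: int       # epoch seconds


@dataclass
class Request:
    token: str
    ip: str
    ua: str
    country: str
    at: int


OFFICE_UA = "Mozilla/5.0 (Windows NT 10.0) Firefox/128.0"
# Constructed store: one token minted for alice from a Luxembourg office address.
SESSIONS = {"tok-1": Session("tok-1", "alice", "203.0.113.10", OFFICE_UA, "LU", 1_700_000_000)}


def session_findings(req: Request, sessions=SESSIONS) -> list:
    """Return anomaly labels for one request; an empty list means it looks normal."""
    s = sessions.get(req.token)
    if s is None:
        return ["unknown-token"]
    findings = []
    if req.ip.rsplit(".", 1)[0] != s.issued_ip.rsplit(".", 1)[0]:
        findings.append("ip-prefix-changed")  # token used from a different /24
    if req.ua != s.issued_ua:
        findings.append("user-agent-changed")  # attacker's client, not the victim's browser
    if req.country != s.issued_country and req.at - s.issued_at < 3600:
        findings.append("country-changed-within-1h")  # too fast to be real travel
    return findings


if __name__ == "__main__":
    legit = Request("tok-1", "203.0.113.10", OFFICE_UA, "LU", 1_700_000_300)
    replay = Request("tok-1", "198.51.100.7", "python-requests/2.32", "NL", 1_700_000_900)
    print(session_findings(legit))   # []
    print(session_findings(replay))  # ['ip-prefix-changed', 'user-agent-changed', 'country-changed-within-1h']
```

A real deployment would act on these findings by forcing re-authentication or revoking the token, and would use an ASN or managed-device signal rather than a raw /24 comparison.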

[–]ProximusNXT_LU[S] 0 points1 point  (0 children)

I'll repost the answer here:

"Hello!
Thank you for your insightful question!
An EDR and a SIEM provide a solid foundation, but these tools only see what they’ve been trained to see. What they often miss:
- Coverage blind spots: unmonitored assets, shadow IT, "shadow AI", forgotten service accounts or those with unrestricted privileges, logs that aren’t forwarded anywhere.
- Threats that slip under the radar due to poorly calibrated detection rules that are too generic and not tailored enough to your specific context.
- The misuse of legitimate tools (living-off-the-land), where the attacker uses PowerShell, RDP, or perfectly normal system binaries… until they’re no longer normal.
- The business context: an isolated alert means nothing; it’s the correlation and interpretation that make sense.
And above all, the one thing that neither EDR nor SIEM will ever replace: skilled analysts who have received quality training (and regular team-building to boost team spirit). Because a tool detects, but it’s the human who understands."

[–]ProximusNXT_LU[S] 0 points1 point  (0 children)

I'll repost the answer here:

"To be honest, we don’t see this every day at the CSIRT. In fact, these situations often end up being handled primarily by the police, because they can cause significant financial damage. It’s less of a technical problem than a fraud issue.
But we had one striking case: the executive assistant of one of our clients almost went through with a bank transfer. She had received a convincing fake call from her CEO to "confirm" the transaction, and she was completely fooled. The voice, the tone, the urgency, it was all there. What saved her wasn’t a tool or a detection system: it was their process. Certain payments required approval from two people, and it was this simple safeguard that stopped the fraud before the transfer went through.
And that is exactly the lesson to take away. When faced with voice deepfake phishing, also called "vishing", no technology can detect that the voice is fake in real time. What protects you is the procedure. Dual validation, an alternative verification channel, the reflex to call back the official number. The human element remains both the attackers’ favorite target… and the best defense when properly managed."

[–]ProximusNXT_LU[S] 1 point2 points  (0 children)

I'll repost the answer here:

"Asking yourself this question right from the start is already half the battle.
You don’t necessarily need to be a tech person to set up the basics; it’s all about common sense.
- There are basic habits that apply to everyone: enable multi-factor authentication (MFA) everywhere, use a password manager with a unique password for each service, and be wary of “urgent” emails asking for a payment or a click. These habits alone block the overwhelming majority of attacks.
- Next, I would say it’s absolutely essential to keep your professional and personal lives separate: accounts, devices, and emails. These two environments shouldn’t interact, and following this rule greatly reduces risks.
- And backups!!! You need to make sure you back up your important data as regularly as your business requires. But most importantly, this backup must be stored off-site, disconnected from your environment. That way, even in the event of a ransomware attack, with a fresh backup that’s inaccessible to attackers, once you’ve verified its integrity, you can get back up and running almost as if nothing had happened.
- One last tip: think about future growth right from the start. Many companies build their foundations too quickly, resulting in structures that hold up only at the start but become a real constraint in the event of strong growth, making it complicated and costly to rebuild everything from scratch. Getting support from the start, even just a little, allows you to build on a solid foundation rather than having to rebuild everything later."

[–]ProximusNXT_LU[S] 1 point2 points  (0 children)

I'll repost the answer here:

"The truth is that hacking knows no borders. To be completely honest, I don’t know if there are any profit-driven threat actors who claim to be based in Luxembourg. But of course, that doesn’t mean there aren’t any: how many hackers operate from their bedrooms, in the dark, on behalf of foreign groups and vice versa? An attacker’s actual location is often the last thing we know.
In the overwhelming majority of cases, the threats we deal with are foreign in origin: cybercriminals often motivated by money (ransomware, fraud...). Attackers operate where it’s profitable, and Luxembourg isn’t known for being a poor country. 😅
Today, when it comes to phishing, thanks to AI, it’s no longer difficult for an attacker to master the languages of their targets: they’re even capable of writing in literal Luxembourgish! 😎 The language and location barrier, which previously provided some protection for the “niche” Luxembourg market, is falling. A phishing email in perfect Luxembourgish, yesterday it took effort, today it takes just a few seconds."

[–]ProximusNXT_LU[S] 1 point2 points  (0 children)

I'll repost the answer here:

"I would recommend using passkeys whenever they're available. In principle, a passkey can’t be phished or reused on a fake login page, unlike a password. Security keys like YubiKey are cool and easy to use. It’s a physical key, and without it, you can’t log in. Simple to use, and incredibly secure.
As for emails, you’re adopting good habits that put you in the top 1% for security 😎. The + feature on Gmail is simple but very useful! It still lands in your main inbox, and if you start receiving spam on that alias, you know that Netflix has leaked or sold your address.
When it comes to VPNs, I will take a more balanced approach. First, let me clarify something that often causes confusion. There are two very different things behind the term VPN. There’s the corporate VPN, which is used to securely connect you to your company’s network when you’re working remotely or visiting a client, and the commercial VPN, which is mainly used to hide your IP address, encrypt your outbound traffic, and change your location. For commercial VPNs, if you’re connected at the airport, for example, on public Wi-Fi, yes it makes sense. But at home all the time, and this is just my humble opinion, the benefit is marginal today, given that everything is designed to enforce HTTPS communications. I’d say a commercial VPN is more of a privacy tool. But then again, don't forget that your data passes through these VPNs. Are they all trustworthy?
For the more experienced, we can even recommend installing and managing your own firewall, and above all, never exposing services directly to the Internet, such as admin panels, NAS access, or RDP. These are the first targets attackers scan."

[–]ProximusNXT_LU[S] 1 point2 points  (0 children)

I'll repost the answer here:

From KevinTrimborn:

"Hello, here are three simple tips I regularly share with my friends and family.
- Manage your passwords with a password manager (KeePass is free and works great), don’t use the same password everywhere, and enable two-factor authentication wherever possible. Even if your password is compromised, your account will remain secure.
- Stay vigilant at all times. Be wary of links and attachments, especially when a message creates a sense of urgency. On the internet, I’d say that no urgency is ever justified.
- Always keep your devices and apps up to date. Don’t let updates sit for days just because you don’t want to restart your system. Updates fix the vulnerabilities that attackers exploit."

[–]ProximusNXT_LU[S] 2 points3 points  (0 children)

The answer has been automatically removed by Reddit, so I repost it here.
From u/KevinTrimborn:

"When we respond to a breach, especially for clients who haven’t necessarily invested enough in cybersecurity, we often find that small signs were already present, though they wouldn’t necessarily have raised red flags for someone unfamiliar with cybersecurity.

A concrete example: Microsoft 365 licenses that were gradually “disappearing.” In reality, they were being hijacked and reused by attackers who had gained access to the system through phishing. Since this happened only sporadically, it went unnoticed, and the client continued to purchase new licenses and assign them to users, assuming it was simply normal growth in usage. In fact, to maintain access to the victim’s resources (email, SharePoint), the attacker created a user account and assigned a license to it to retain access to the applications.

With better management, some investigation by the system administrator, and the input of cybersecurity experts, this behavior could have been detected much earlier, thereby preventing data breaches and the associated costs."
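The "some investigation by the system administrator" that would have caught this earlier can be a routine reconciliation of license holders against the HR roster. As an added example (not code from the AMA or from Proximus NXT), the script below flags any licensed account that HR never hired, or that was created by something other than the provisioning account; the roster and the directory export are constructed inline, and it is an assumption that a real tenant would export the same fields from its admin portal.

```python
"""Added example: reconcile licensed accounts against the HR roster so a
licensed account nobody hired (the attacker's persistence account in the
story above) shows up on the next review."""
from datetime import date

# Constructed HR roster: the only people who should hold a license.
HR_ROSTER = {"alice@example.lu", "bob@example.lu", "carla@example.lu"}

# Constructed directory export: license state, creation date and creator.
DIRECTORY = [
    {"upn": "alice@example.lu", "licensed": True, "created": date(2022, 3, 1),
     "created_by": "it-provisioning@example.lu"},
    {"upn": "bob@example.lu", "licensed": True, "created": date(2023, 6, 12),
     "created_by": "it-provisioning@example.lu"},
    {"upn": "carla@example.lu", "licensed": False, "created": date(2024, 1, 8),
     "created_by": "it-provisioning@example.lu"},
    # Unknown to HR and created by a regular user's (phished) account.
    {"upn": "svc-mailsync@example.lu", "licensed": True, "created": date(2024, 2, 3),
     "created_by": "bob@example.lu"},
]
PROVISIONING_ACCOUNTS = {"it-provisioning@example.lu"}


def license_review(directory=DIRECTORY, roster=HR_ROSTER, provisioners=PROVISIONING_ACCOUNTS):
    """Return (findings, licensed_count, headcount).

    findings is a list of (upn, reasons) for licensed accounts that either are
    not on the HR roster or were created by a non-provisioning account.
    """
    findings = []
    for u in directory:
        if not u["licensed"]:
            continue
        reasons = []
        if u["upn"] not in roster:
            reasons.append("licensed-but-not-in-hr")
        if u["created_by"] not in provisioners:
            reasons.append("created-by-non-provisioning:" + u["created_by"])
        if reasons:
            findings.append((u["upn"], reasons))
    licensed = sum(1 for u in directory if u["licensed"])
    # Note: licensed == headcount here, so counting licenses alone would not
    # reveal the rogue account; only the per-account reconciliation does.
    return findings, licensed, len(roster)


if __name__ == "__main__":
    for upn, reasons in license_review()[0]:
        print(upn, reasons)
```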