29th January, 2024
Artificial intelligence has brought numerous benefits across many industries, from self-driving cars to virtual assistants such as Siri and Alexa. However, just as AI can be used for good, it can also be misused for nefarious purposes. Cyber attackers have been quick to recognise the potential of AI and have already begun deploying it to amplify the scale and effectiveness of their malicious activities.
According to a recent report by Cybersecurity Ventures, the damages related to cyber crime will cost around $10.5 trillion per annum by 2025. This dramatic rise will likely be fuelled in part by AI tools that allow hackers to automate tasks, generate convincing disinformation, and discover new system vulnerabilities. As such, cyber security professionals need to be aware of how AI could be used against them and prepare their defences accordingly.
Evasion of Defences
AI tools can enable attackers to be more effective at hiding their activities, helping to evade existing defences. Algorithms can continuously analyse network activity and system logs to understand patterns that may reveal the attacker’s presence. The AI can then modify its behaviours to blend in with normal user activities, avoiding raising alerts. The tool can mimic normal usage patterns, masquerading malicious actions. With such techniques, AI can allow adversaries to remain undetected within networks for extended periods of time.
Malware Creation and Targeting
One way attackers can use AI is to automate the process of creating and distributing malware. AI algorithms can be trained on large datasets of malware to develop new variants and mutations that can bypass antivirus software. The algorithms can continue evolving the malware to counter defensive measures. This enables campaigns of continually refreshed malware that is highly customised for specific targets.
Automating Cyber Attacks
One of the most impactful benefits that AI brings to cyber attackers is the automation enabled by AI algorithms. Tasks that once required human oversight, like taking control of networks, deploying malware payloads, and exfiltrating data, can now be automated. This enables attacks to be conducted at much larger scales, higher speeds, and with more precision.
A payload delivered by one infected host can use AI to map the internal network, identify vulnerabilities, and quickly spread to other connected systems. Defenders have far less time to identify and respond to threats when AI is orchestrating attacks at machine speeds.
Enhanced Social Engineering
Attackers can also leverage AI to find vulnerabilities and weaknesses in systems, allowing them to tailor spear-phishing campaigns and other social engineering strategies. The AI can even mimic human conversation patterns when engaging targets, making the attacks more convincing. All of this enables precise targeting with higher success rates.
Deepfakes and Disinformation
Similarly, AI has demonstrated impressive capabilities in generating fake audio, video, and text content – also known as deepfakes. This can allow adversaries to create extremely convincing disinformation used to manipulate opinion, stock prices, elections, and more.
AI-powered chatbots also allow certain malicious actors to automate the spread of false narratives and propaganda over social networks. Such disinformation can be an effective tool for state-sponsored influence campaigns, while also enabling cyber criminals to orchestrate scams and phishing attacks built on fabricated evidence. The ability of AI systems to craft highly realistic fake content makes differentiating truth from fiction increasingly difficult.
Defending Against the AI Threat
As cyber actors continue developing their AI capabilities, security teams need to evaluate how to best defend their organisations. Some key steps to consider include:
- Investing in AI cyber security tools that can detect anomalies and catch threats that bypass rule-based systems
- Monitoring the dark web for emerging AI tools and Cybercrime-as-a-Service offerings
- Maintaining robust data security, compartmentalisation, and access controls to protect against automated attacks
- Developing AI “immune system” prototypes to test defence capabilities against AI-powered attacks
For example, at Telesoft, our team have developed and utilise a Domain-Generation Algorithm (DGA) detection tool that utilises AI & Machine Learning (ML). DGAs allows attackers to rapidly generate new domains, meaning that once one domain is blocked, the attacks can quickly pivot to another to continue with their attack, which ultimately leads to a game of whack-a-mole for a cyber analyst. However, by utilising our DGA detection tool, analysts can rapidly identify and block these DGA domains, thereby stopping the attacker.
However, avoiding an overreliance on AI in cyber security is also vital. Human expertise and judgment is needed to provide optimum protection; relying entirely on AI risks complacency. For example, new threats may emerge that an AI algorithm is not able to detect.
Telesoft’s Managed Detection & Response (MDR) Service combines the expertise of our cyber analysts with AI & ML to provide organisations with around the clock threat detection and response. With our service, our team of analysts proactively monitor your network environment, identifying and responding to vulnerabilities and early signs of compromise. Our analysts utilise AI & ML to efficiently categorise potential threats in order of severity. This then provides a starting point for threat hunting, from which they can forensically analyse the potential threat and respond appropriately to secure the organisation’s network.
The rise of AI-powered cyber attacks presents a major new frontier when it comes to cyber defence. Cyber criminals are already utilising AI's immense potential to overwhelm legacy defences and to rapidly launch more sophisticated attacks.
To manage this emerging threat, organisations must make cyber security a priority. While utilising AI to help defend against this growing threat can help improve the speed and efficiency of threat detection, AI cannot be seen as a replacement for human cyber analysts. Instead, these tools should be used carefully and in collaboration with cyber security professionals.