Attackers Are Using AI: Are You Ready?
Fully functioning and lifelike cyber-humans aren’t a reality
yet, but advances in artificial intelligence and machine learning have
accelerated enough to have cybersecurity experts worried.
Like a virus that mutates and evolves to evade inoculation,
or like AI itself, cyber criminals are already exploring, learning, and finding
ways to exploit AI.
Just the Beginning
Counter-intelligence news reports are full of examples of
attacks that have taken advantage of some form of machine learning:
Orangeworm is a prime
example. It has specifically targeted healthcare and other critical
infrastructure organizations, performing an initial assessment to determine if
the computer it’s on has any value to the attacker. It actually ignores
machines that don’t have what it wants but propagates itself when it determines
it has found a high-value target.
NotPetya in 2017
spread quickly around the globe, leaving a wide path of destruction in its
wake. It was believed to have had some machine learning built into it that
allowed it to learn on the fly, finding ways around blocked transfer protocols,
in 2017 used machine learning to observe and then mimic the patterns
of normal human behavior inside a network. This allowed the attack software to
blend into the network, making it harder to detect.
Read about the known and potential threats to
healthcare information and medical device security
“Cyber criminals are
definitely already using at least some form of machine learning, if not
artificial intelligence,” says Sensato Cybersecurity CEO John Gomez. “They use
it to dramatically scale up their operations by analyzing systems and data,
determining first the value of their targets and then the value of the
information they’ve stolen or the systems they’re holding hostage.”
There are a lot of specific ways that AI and machine learning
can be used by cyber attackers—hyper-malware that doesn’t require human input,
smart swarmbots, sharper spear phishing, 100-percent effective CAPTCHA
breakers, data corruption and destruction, to name a few—but they all boil down
to essentially the same thing: AI and machine learning will make attacks
exponentially faster, harder to counteract, and more targeted while at the same
time covering more ground.
Worse, AI programs that can design more complex and
sophisticated AI’s faster than humans will make these first machine learning
and AI programs look like child’s play.
have an average of 6.2 vulnerabilities each.
Learn more about how to protect your patients and
patient information with MD-COP
This presents a daunting challenge for cybersecurity experts,
who are turning to AI and machine learning themselves to not only find and
patch gaps in security, but also use it to go on the offensive.
“Our mantra has always been that we have to hack the
attackers,” says Gomez. “In cybersecurity, we always have to be
trying to get into the minds of the attackers, understanding their motives and
tactics. AI and machine learning take everything to the next level.”
finding the right cybersecurity
partner even more important, because what makes AI most effective is
data. Lots and lots of data. Your cybersecurity partner should have a global
network of sensors and other inputs, and should be AI-equipped to analyze the
sheer volume, variety, and velocity of all the data flowing from them.
traditional software, AI learns from each contact, each action, each input. The
more data, the more an AI system can learn about user behavior, network traffic
patterns, volume, and other markers to help it quickly spot, analyze, and
address anomalies. Just as AI used by attackers can independently adapt to
whatever conditions it encounters, the AI used by your cybersecurity partner
should be as nimble and adept.
Another way AI
will become increasingly useful for cyber defenders is in the use of natural
language processing and analysis. Much like Homeland Security looking for certain
words and phrases that could indicate a terrorist attack, AI can be on the
lookout for chatter about a cyber attack. Beyond simply processing and
analyzing vast quantities of data, AI is learning how to interpret the meaning
of it all so that cyber defenders can react swiftly.
AI can also be
used to help a healthcare organization get a full picture of its entire
network, all information assets, all connected devices, all programs,
everything—even helping organizations stay in compliance. “One of the most
shocking and yet common things we find in the field is that many organizations
do not have a full accounting of everything on their systems,” says Gomez.
“It’s an old joke that if you want to know everything about your network, hire
a hacker, right? But it’s true, and it’s a tactic we employ when we perform
penetration testing. AI can accelerate that process and even give us a
real-time risk assessment.”
MD-COP will secure your data, devices, and
network from targeted and “side effect” attacks. Act quickly.