Cyber Attackers Are Using AI: Are You Ready?
Fully functioning and lifelike cyber-humans aren’t a reality yet, but advances in artificial intelligence and machine learning have accelerated enough to have cybersecurity experts worried.
Like a virus that mutates and evolves to evade inoculation, or like AI itself, cyber criminals are already exploring, learning, and finding ways to exploit AI.
This is Just the Beginning
Counter-intelligence news reports are full of examples of attacks that have taken advantage of some form of machine learning:
Orangeworm is a prime example. It has specifically targeted healthcare and other critical infrastructure organizations, performing an initial assessment to determine if the computer it’s on has any value to the attacker. It actually ignores machines that don’t have what it wants but propagates itself when it determines it has found a high-value target.
NotPetya in 2017 spread quickly around the globe, leaving a wide path of destruction in its wake. It was believed to have had some machine learning built into it that allowed it to learn on the fly, finding ways around blocked transfer protocols, for example.
Another attack in 2017 used machine learning to observe and then mimic the patterns of normal human behavior inside a network. This allowed the attack software to blend into the network, making it harder to detect.
“Cyber criminals are definitely already using at least some form of machine learning, if not artificial intelligence,” says Sensato Cybersecurity CEO John Gomez. “They use it to dramatically scale up their operations by analyzing systems and data, determining first the value of their targets and then the value of the information they’ve stolen or the systems they’re holding hostage.”
There are a lot of specific ways that AI and machine learning can be used by cyber attackers—hyper-malware that doesn’t require human input, smart swarmbots, sharper spear phishing, 100-percent effective CAPTCHA breakers, data corruption and destruction, to name a few—but they all boil down to essentially the same thing: AI and machine learning will make attacks exponentially faster, harder to counteract, and more targeted while at the same time covering more ground.
Worse, AI programs that can design more complex and sophisticated AIs faster than humans can will make these first machine learning and AI programs look like child’s play.
This presents a daunting challenge for cybersecurity experts, who are turning to AI and machine learning themselves, not only to find and patch gaps in security but also to go on the offensive.
“Our mantra has always been that we have to hack the attackers,” says Gomez. “In cybersecurity, we always have to be trying to get into the minds of the attackers, understanding their motives and tactics. AI and machine learning take everything to the next level.”
This makes finding the right cybersecurity partner even more important, because what makes AI most effective is data. Lots and lots of data. Your cybersecurity partner should have a global network of sensors and other inputs, and should be AI-equipped to analyze the sheer volume, variety, and velocity of all the data flowing from them.
Unlike traditional software, AI learns from each contact, each action, each input. The more data, the more an AI system can learn about user behavior, network traffic patterns, volume, and other markers to help it quickly spot, analyze, and address anomalies. Just as AI used by attackers can independently adapt to whatever conditions it encounters, the AI used by your cybersecurity partner should be just as nimble and adept.
Another way AI will become increasingly useful for cyber defenders is in the use of natural language processing and analysis. Much like Homeland Security looking for certain words and phrases that could indicate a terrorist attack, AI can be on the lookout for chatter about a cyber attack. Beyond simply processing and analyzing vast quantities of data, AI is learning how to interpret the meaning of it all so that cyber defenders can react swiftly.
AI can also be used to help a healthcare organization get a full picture of its entire network, all information assets, all connected devices, all programs, everything—even helping organizations stay in compliance. “One of the most shocking and yet common things we find in the field is that many organizations do not have a full accounting of everything on their systems,” says Gomez. “It’s an old joke that if you want to know everything about your network, hire a hacker, right? But it’s true, and it’s a tactic we employ when we perform penetration testing. AI can accelerate that process and even give us a real-time risk assessment.”