July 30, 2018
4 minutes

Cyber Attackers Are Using AI: Are You Ready?

Like viruses that mutate and evolve to evade inoculation criminals constantly find ways to exploit AI and machine learning. AI deployment by cybersecurity experts will be essential for protecting healthcare organizations.

Cyber Attackers Are Using AI: Are You Ready?

Fully functioning and lifelike cyber-humans aren’t a reality yet, but advances in artificial intelligence and machine learning have accelerated enough to have cybersecurity experts worried.

Like a virus that mutates and evolves to evade inoculation, or like AI itself, cyber criminals are already exploring, learning, and finding ways to exploit AI.  

This is Just the Beginning

Counter-intelligence news reports are full of examples of attacks that have taken advantage of some form of machine learning:

Orangeworm is a prime example. It has specifically targeted healthcare and other critical infrastructure organizations, performing an initial assessment to determine if the computer it’s on has any value to the attacker. It actually ignores machines that don’t have what it wants but propagates itself when it determines it has found a high-value target.

NotPetya in 2017 spread quickly around the globe, leaving a wide path of destruction in its wake. It was believed to have had some machine learning built into it that allowed it to learn on the fly, finding ways around blocked transfer protocols, for example.

Another attack in 2017 used machine learning to observe and then mimic the patterns of normal human behavior inside a network. This allowed the attack software to blend into the network, making it harder to detect.

Read about the known and potential threats to healthcare information and medical device security

 “Cyber criminals are definitely already using at least some form of machine learning, if not artificial intelligence,” says Sensato Cybersecurity CEO John Gomez. “They use it to dramatically scale up their operations by analyzing systems and data, determining first the value of their targets and then the value of the information they’ve stolen or the systems they’re holding hostage.”

Dizzying Possibilities

There are a lot of specific ways that AI and machine learning can be used by cyber attackers—hyper-malware that doesn’t require human input, smart swarmbots, sharper spear phishing, 100-percent effective CAPTCHA breakers, data corruption and destruction, to name a few—but they all boil down to essentially the same thing: AI and machine learning will make attacks exponentially faster, harder to counteract, and more targeted while at the same time covering more ground.

Worse, AI programs that can design more complex and sophisticated AI’s faster than humans will make these first machine learning and AI programs look like child’s play.

Medical devices have an average of 6.2 vulnerabilities each.  Learn more about how to protect your patients and patient information with MD-COP

This presents a daunting challenge for cybersecurity experts, who are turning to AI and machine learning themselves to not only find and patch gaps in security, but also use it to go on the offensive. 

“Our mantra has always been that we have to hack the attackers,” says Gomez. “In cybersecurity, we always have to be trying to get into the minds of the attackers, understanding their motives and tactics. AI and machine learning take everything to the next level.”

This makes finding the right cybersecurity partner even more important, because what makes AI most effective is data. Lots and lots of data. Your cybersecurity partner should have a global network of sensors and other inputs, and should be AI-equipped to analyze the sheer volume, variety, and velocity of all the data flowing from them.

Beyond Algorithms

Unlike traditional software, AI learns from each contact, each action, each input. The more data, the more an AI system can learn about user behavior, network traffic patterns, volume, and other markers to help it quickly spot, analyze, and address anomalies. Just as AI used by attackers can independently adapt to whatever conditions it encounters, the AI used by your cybersecurity partner should be as nimble and adept.

Another way AI will become increasingly useful for cyber defenders is in the use of natural language processing and analysis. Much like Homeland Security looking for certain words and phrases that could indicate a terrorist attack, AI can be on the lookout for chatter about a cyber attack. Beyond simply processing and analyzing vast quantities of data, AI is learning how to interpret the meaning of it all so that cyber defenders can react swiftly.

AI can also be used to help a healthcare organization get a full picture of its entire network, all information assets, all connected devices, all programs, everything—even helping organizations stay in compliance. “One of the most shocking and yet common things we find in the field is that many organizations do not have a full accounting of everything on their systems,” says Gomez. “It’s an old joke that if you want to know everything about your network, hire a hacker, right? But it’s true, and it’s a tactic we employ when we perform penetration testing. AI can accelerate that process and even give us a real-time risk assessment.”

MD-COP will secure your data, devices, and network from targeted and “side effect” attacks.  Act quickly.

Cybersecurity Awareness Month Recap - Resources and Tips
October was National Cybersecurity Awareness Month which is meant to put a spotlight and focus on cybersecurity education and taking action to protect yourself and your organization from a cyberattack. Here’s a roundup of some of the top things we shared in October.
Four New Phishing Tactics to Watch Out For
By now most healthcare organizations perform cybersecurity awareness training and their staff are on the lookout for phishing emails. Cyber attackers are getting more savvy, however and are coming up with new phishing techniques that are harder to spot. Below are some examples of these new tactics and how to spot them.
Real-time Review of Oklahoma State University Cybersecurity Breach
Healthcare organizations that are victims of a cyberattack are reported daily. Reviewing OCR findings to identify actions you can take to protect your organization from similar attacks is a good best practice. Here is a review of the OSU breach to use as an example.
No items found.