AI Enables Cyber Attacks

June 4, 2020

Is it not wonderful that technology has advanced so much that we are closer to AI led cyberattacks? It is true that bad actor hackers already rely on AI to augment their nasty actions, but their AI is not on par with human intelligence yet. Verdict warns that AI powered cyberattacks will be on the rise in the future: “Leveling Up: How Offensive AI Will Augment Cyberattacks.”

A 2020 Forrester report stated that 88% of security leaders believe AI will be used in cyberattacks and over half thought an attack could occur sometime in the next twelve months. Cyber security professionals are already arming their systems with AI to combat bad actors using the same technology, but they cannot predict everything.

Bad actor hackers want AI capabilities, because it scales their operations, increases their profitability, provides an understanding of context, and makes attribution and detection harder. Verdict’s article breaks down a bad actor hacker’s attack strategy.

The first step would be reconnaissance, where chatbots interact with employees with AI generated photos. Once the chatbots gained the victims’ trust, CAPTCHA breakers are used for automated reconnaissance on the public Web site. The next step would be intrusion with spear-phishing attacks targeted at key employees.

Part three would follow with an attacker hacking the enterprise framework and blending in with regular business operations. The next phases would collect passwords another privileges as the hacker moved laterally to gather more targeted information while avoiding detection. The final phase would be where the AI shows its chops by pre-selecting information to steal instead of sifting through an entire system. The AI would get it, download the targeted data, and then get out, most likely without a trace.

“Offensive AI will make detecting and responding to cyberattacks far more difficult. Open-source research and projects exist today which can be leveraged to augment every phase of the attack lifecycle. This means that the speed, scale, and contextualization of attacks will exponentially increase. Traditional security controls are already struggling to detect attacks that have never been seen before in the wild – be it malware without known signatures, new command and control domains, or individualized spear-phishing emails. There is no chance that traditional tools will be able to cope with future attacks as this becomes the norm and easier to realize than ever before.”

The human element is still the surprise factor.

Whitney Grace, June 4, 2020

Comments

Got something to say?





  • Archives

  • Recent Posts

  • Meta