2021 has started with new cyber attacks, hacking incidents and data breaches coming to light almost every day. Cyber criminals pose a threat to all organizations and businesses, and the customers and consumers who use them. Some of the numbers involved in the latest data breaches are staggering, with personal data concerning hundreds of thousands of individuals being leaked. Businesses are doing their best to fight off cyber attacks, but it's hard to predict what new threat campaigns will emerge and how they'll operate. It's even harder to discern what the next big malware threat will be: the Zeus Trojan and Locky ransomware were once major threats, but now it's things like Emotet botnet, the Trickbot Trojan and Ryuk ransomware. It's difficult to defend your perimeter against unknown threats, and that's something that cyber criminals take advantage of.
AI/ML in Cybersecurity – The Bright Side
Artificial intelligence (AI) and machine learning (ML) are playing an increasing role in cybersecurity tools. Such security tools analyze data from millions of cyber incidents and use it to identify potential threats (an employee account acting strangely by clicking on phishing links, for example) or a new variant of malware.
However, there is a constant battle between attackers and defenders. Cyber criminals have long tried to tweak their malware code so that security software no longer recognizes it as malicious. Spotting every variation of malware, especially when it is deliberately disguised, is hard. Increasingly it's by leveraging AI and ML that defenders are attempting to stop even the unknown, new types of malware attack. ML is a good fit for anti-malware solutions because ML is well suited to solve 'fuzzy' problems. A ML database can draw upon information about any form of malware that's been detected before. When a new form of malware appears - either a tweaked variant of existing malware, or a new kind entirely -- the system can check it against the database by examining the codes, signatures, models and block the attack on the basis that similar events have previously been deemed as malicious. That's even the case when the malicious code is bundled up with large amounts of benign or useless code to hide the nefarious intent of the payload, as often happens.
But uncovering new kinds of malware isn't the only way machine learning can be deployed to boost cybersecurity. An AI-based network-monitoring tool can also track what users do daily, building up a picture of their typical behavior. By analyzing this information, AI SW can detect anomalies and react accordingly. AI can adapt and respond fast to a constantly changing world that enables IT professionals to respond in an intelligent way, understanding the relevance and consequences of a breach or a change of behavior, and in real time develop a proportionate response. For example, if an employee clicks on a phishing link, the system can work out that this was not normal behavior and could therefore be potentially malicious activity. Machine learning can spot almost immediately, block the potential damage of a malicious intrusion, and prevent login credentials being stolen, malware being deployed or otherwise enabling attackers to gain access to the network. And all of this is done without the day-to-day activity of the business being impacted, as the response is proportionate: if the potential malicious behavior is on one machine, that doesn't require the whole network being locked down.
Another key benefit of machine learning in cybersecurity is that it identifies and reacts to suspected problems almost immediately, preventing potential issues from disrupting business. By deploying AI-based cybersecurity, customers can ensure that the network is safe, without relying on humans having to perform the impossible the task of monitoring everything at once. Data isn't just bits and bytes: we have video, we have chats, emails -- it's the variety of the input that's coming with growing volume. It's too much for humans to be able to manage, AI based automated tools are the real work horse for such needs. That's especially the case when it comes to monitoring how employees operate on the network. Many large organizations employ training to help staff improve cybersecurity, but it's possible that staff will attempt to take shortcuts to do their job more efficiently, which could potentially lead to security issues. Machine learning helps to manage this.
AI/ML in Cybersecurity – The Dark Side
While AI and ML do provide benefits for cybersecurity, it's important for organizations to realize that these tools aren't a replacement for human security staff. It's possible for a ML-based security tool to be programmed incorrectly, for example, resulting in unexpected - or even obvious -- things being missed by the algorithms. If the tool misses a particular kind of cyber attack because it hasn't been coded to take certain parameters into account, that's going to lead to problems. AI and ML can get you into trouble if you are reliant on it as an oracle of everything. If the inputs are bad and it's passing things through it says are okay, but it's passing real vulnerabilities through because the model hasn't been properly tuned or adjusted - that's the worst case because you think you're fully protected because you have AI. AI-based cybersecurity isn't a complete replacement for human security staff; and like any other software on the network, you can't just install it and forget about it - it needs to be regularly evaluated. And you can't assume that AI and machine learning are going to solve all the problems.
And there's the potential that AI and machine learning could create additional problems, because while the tools help to defend against hackers, it's highly likely that cyber criminals themselves are going to use the same techniques to make attacks more effective. A report by Europol has warned that artificial intelligence is one of the emerging technologies that could make cyber attacks more dangerous and more difficult to spot than ever before. It's even possible that cyber criminals have already started using these techniques to help conduct hacking campaigns and malware attacks. It's possible that by using machine learning, cyber criminals could develop self-learning automated malware, ransomware, social engineering, or phishing attacks. Currently, they might not access to the deep wells of technology that cybersecurity companies have, but there's code floating around that can provide cyber criminals with access to these resources. The general tools are out there -- some of them are open source. They're freely available to everyone and the code and tool quality are increasing due to opensource innovation. It is fair to assume that this will be part of a criminal's repertoire if it isn't already. It is unclear if hackers have used machine learning to help develop or distribute malware, but there is evidence of AI-based tools being used to conduct cyber crime.
AI-based deep fake technology has already caused concern when it comes to spreading disinformation or even abuse of individuals via fake videos, leading to calls for deep fake regulation. Last year it was reported that criminals used AI generated audio to impersonate a CEO's voice and trick employees into transferring funds to them. The attackers used AI to mimic the voice of the CEO and request the transfer of funds. This 'deep fake voice attack' is a new layer to business email compromise scams in which attackers claim to be the boss and request an urgent transfer of funds. The nature of a CEO's job means their voice is often in the public domain, and criminals can find and exploit numerous voice recordings to train AI models and AI-based system can be used as part of a social-engineering attack. For example, machine learning could be employed to send out phishing emails automatically and learn what sort of language works in the campaigns, what generates clicks and how attacks against different targets should be crafted.
AI/ML in Cybersecurity – The Opportunity
Like any machine-learning algorithm, success would come from learning over time, meaning that it's possible that phishing attacks could be driven in the same way security vendors attempt to defend against them. There are cyber-criminal organizations working in unison for financial gain, which can leverage AI and machine learning effectively. However, if AI-based cybersecurity tools continue to develop and improve, and are applied correctly alongside human security teams, rather than instead of them, this could help businesses stay secure against increasingly smart and potent cyber attacks. We can't second-guess technology, but we can watch it and learn from it and adapt. AI is how technology will respond to our ever-changing world as it updates automatically and learns how humans react. In future, one could move into a world where the whole cybersecurity posture is enhanced, with the ultimate vision of having a self-learning and self-healing network that can learn negative behaviors and stop them happening.
/Service Ventures Team
Comments