Lorri Janssen-Anessi, Director of External Cyber Assessments at BlueVoyant, explores how AI can be used to enhance both cyber-attacks and defences, and what’s in store for the ongoing cybersecurity arms race.
The rapid progress of AI in various industries has vastly increased the potency of security threats organisations are exposed to. AI has facilitated ease in automating tasks, extracting information, and the ability to exploit vulnerabilities, serving as a powerful tool for both cyber attackers and defenders. It has drastically reshaped the digital threat and security defence landscape, as it is leveraged in both cyber-attacks and defence strategies.
AI-enabled social engineering campaigns
The incorporation of AI into malicious social engineering campaigns has led to a new era of more convincing and deceptive cyber threats. Cyber actors can exploit vast amounts of data to enhance the sophistication and success of phishing campaigns and disinformation online.
The emergence of AI and Generative-AI models has enabled cyber threat actors to create convincing narratives targeted at vulnerable and specific users by considering time zones, keywords, geographical information, social media profiles, and language nuances.
As a result, cyber threats delivered through Generative-AI tools have become more sophisticated and believable, enabling cyber threat actors with limited skills to craft compelling narratives.
Evolution of cyber adversaries’ arsenals
The emergence of deepfakes, a hyper-realistic audiovisual fabrication powered by AI, presents novel avenues for deceiving targets. This marks a dangerous evolution in the cyber adversaries’ arsenal.
Furthermore, AI’s powerful automation, surveillance, and exploitation tools empowers the exploitation of vulnerable systems. Automated tools can scan for weaknesses with malicious intent which aids in the development of exploits, zero-day attacks, and malicious software.
This increased scanning capability facilitated by AI raises the likelihood of attackers gathering necessary information to successfully orchestrate attacks.
Through the exploitation of AI algorithms, cyber threat actors can manipulate data consumed by AI algorithms by inserting incorrect information into legitimate but compromised sources to ‘poison’ AI systems, causing them to produce errors or export adverse information.
Intentional corruption of code and data represents a significant challenge, as developers have yet to devise a foolproof defence. As it stands, bad data in equals bad data out for any machine learning system.
AI has also elevated attacker techniques and sophistication, exemplified by threat actors using search engine ads for phishing attacks to direct victims to malicious websites which are designed to impersonate major financial institutions.
The role of AI in cyber defence
In an interconnected world, AI plays a crucial role in cyber defence against sophisticated cyber threats. AI in cyber defence is not just a trend – it has long been a necessity. As bad actors harness AI to deploy cyber-attacks, cybersecurity professionals are leveraging AI to fortify their defences. AI-driven security systems can sift through extensive datasets to pinpoint patterns that may signal cyber threats, providing a proactive approach to threat detection.
These systems are adept at monitoring networks for unusual activities that could indicate a security breach, detecting anomalies and reducing false positives through continuous analysis of network traffic. AI’s predictive capabilities help in forecasting potential vulnerabilities and attack vectors before they are exploited, enabling organisations to proactively patch security gaps and reinforce defences.
Behavioural analytics driven by AI take threat detection a step further by understanding the normal behaviour of users and entities within a network.
This deep learning aspect of AI can distinguish between legitimate user actions and potential threats by detecting behavioural anomalies, such as sudden changes in file access patterns or data transfer volumes, which could signify a compromised account or an insider threat.
AI cannot replace human cybersecurity experts, but it can significantly improve cyber defence by sifting through large datasets and identifying threats. This allows human analysts to focus their attention on more complex tasks like threat hunting, forensic analysis, aggregating different source information, and strategic security planning.
The collaboration between human intelligence and artificial intelligence will undoubtedly result in a more robust cyber defensive posture.
An ongoing arms race
The ongoing arms race between cyber attackers and defenders is accelerating with the integration of AI. While AI fuels the sophistication and advancement of targeted cyber-attacks, it also provides powerful tools for cybersecurity professionals to protect digital assets, networks, and systems.
In this new landscape, it is crucial to keep developing innovative AI-driven solutions to prepare against the incessant wave of threats and prevent the malicious use of emerging AI capabilities.
