Elements in Securing AI - Part 3 AI for Cyberattacks

Introduction

The third part in this series with give an overview of AI for cyberattacks which involves attackers leveraging the ability of AI to auto-launch or speed up attacks typically with serious impacts on services and infrastructure.


Examples of AI for Cyberattacks

Impersonation of trusted users: Analysing large data sets helps attackers prioritise their victims based on online behaviour and estimated wealth. Predictive models can go further and determine willingness to pay the ransom based on historical data, and even adjust the size of pay-out to maximise the chances and, therefore, revenue for cyber-criminals.

With all the data available in the public domain, as well as previously leaked secrets, through various data breaches are now combined for the ultimate victim profiling in a matter of seconds with no human effort. When the victim is selected, AI can be used to create and tailor emails and sites that would be most likely clicked on based on crunched data. Trust is built by engaging people in longer dialogues over extensive periods of time on social media, requiring no human effort. Chatbots are now capable of maintaining such interaction and even impersonating the real contacts by mimicking their writing style.

Machine learning used for victim identification and reconnaissance greatly reduces attackers’ resource investments. Indeed, there is even no need to speak the same language anymore. This inevitably leads to an increase in the scale and frequency of highly targeted spear-phishing attacks.

The sophistication of such attacks can also go up. Exceeding human capabilities of deception, AI can mimic voice thanks to the rapid development in speech synthesis. These systems can create realistic voice recordings based on existing data and elevate social engineering to the next level through impersonation. This, combined with other techniques discussed above, paints a rather grim picture. As the majority of attacks get into our systems through our inboxes, even the most cyber-aware computer user will be vulnerable.

Blending into the background: Sophisticated threat actors can often maintain a long-term presence in their target environments for months at a time, without being detected. They move slowly and with caution, to evade traditional security controls and are often targeted to specific individuals and organisations  AI will also be able to learn the dominant communication channels and the best ports and protocols to use to move around a system, discretely blending in with the routine activity. This ability to disguise itself amid the noise will mean that it is able to expertly spread within a digital environment, and stealthily compromise more devices than ever before. AI malware will also be able to analyse vast volumes of data at machine speed, rapidly identifying which data sets are valuable and which are not. This will save the (human) attacker a great deal of time and effort.

Faster attacks with more effective consequences: Today’s most sophisticated attacks require skilled technicians to conduct research on their target and identify individuals of interest, understand their social network and observe over time how they interact with digital platforms. In tomorrow’s world, an offensive AI will be able to achieve the same level of sophistication in a fraction of the time and at many times the scale. 

Not only will AI-driven attacks be much more tailored and consequently more effective, their ability to understand context means they will be even harder to detect. Traditional security controls will be impotent against this new threat, as they can only spot predictable, pre-modelled activity. AI is constantly evolving and will become ever-more resistant to the categorisation of threats that remain fundamental to the modus operandi of legacy security approaches.

For example, the use of AI in everyday life means that automated DDoS attacks will soon become a reality. The whole concept of AI means that machines are constantly learning; staying ahead of the game is ever more important as attacks are getting more advanced by the day. A combination of malicious actors and AI technology could be a deadly combination, and security solutions should be prepared now to ensure they are able to fight back. Without any defences, major consequences could ensue for targeted sites.

Conclusion

Hopefully, the examples of cyberattacks which can make use of AI provide some useful introductory information and an overview of how attackers may make use of AI.

Sources

https://www.weforum.org/agenda/2019/06/ai-is-powering-a-new-generation-of-cyberattack-its-also-our-best-defence/
https://www.infosecurity-magazine.com/infosec/artificial-intelligence-and/
https://activereach.net/newsroom/blog/is-ai-the-new-biggest-threat-in-ddos/

Comments

Popular posts

Personal Interest - Unbuilt fleets of the Royal Navy

Personal Interest - RAF Unbuilt Projects

Balancing functionality, usability and security in design