[BreachExchange] 3 ways AI will change the nature of cyber attacks

[Destry Winant]

https://www.weforum.org/agenda/2019/06/ai-is-powering-a-new-generation-of-cyberattack-its-also-our-best-defence/

Cyberattacks are becoming ubiquitous and have been recognized as one
of the most strategically significant risks facing the world today. In
recent years, we have witnessed digital assaults against governments
and the owners of critical infrastructure, large private corporations
and smaller ones, educational institutions and non-profit
organizations. Not only is no sector immune from cyberattacks, the
level of sophistication of the threats they face is continually
increasing.

The future of cybersecurity will be driven by a new class of subtle
and stealthy attackers that has recently emerged. Their aim is not to
steal data, but rather to manipulate or change it. There is little
doubt that artificial intelligence (AI) will be used by attackers to
drive the next major upgrade in cyber weaponry and will ultimately
pioneer the malicious use of AI. AI’s fundamental ability to learn and
adapt will usher in a new era in which highly-customised and
human-mimicking attacks are scalable. ’Offensive AI’ – highly
sophisticated and malicious attack code – will be able to mutate
itself as it learns about its environment, and to expertly compromise
systems with minimal chance of detection.

Prototype-AI attacks: a glimpse into the future

AI-powered cyberattacks are not a hypothetical future concept. All the
required building blocks for the use of offensive AI already exist:
highly sophisticated malware, financially motivated – and ruthless –
criminals willing to use any means possible to increase their return
on investment, and open-source AI research projects which make highly
valuable information available in the public domain.

One of the most notorious pieces of contemporary malware – the Emotet
trojan – is a prime example of a prototype-AI attack. Emotet’s main
distribution mechanism is spam-phishing, usually via invoice scams
that trick users into clicking on malicious email attachments. The
Emotet authors have recently added another module to their trojan,
which steals email data from infected victims. The intention behind
this email exfiltration capability was previously unclear, but Emotet
has recently been observed sending out contextualized phishing emails
at scale. This means it can automatically insert itself into
pre-existing email threads, advising the victim to click on a
malicious attachment, which then appears in the final, malicious
email. This insertion of the malware into pre-existing emails gives
the phishing email more context, thereby making it appear more
legitimate.

Yet the criminals behind the creation of Emotet could easily leverage
AI to supercharge this attack. Currently, the message on the final
phishing email is usually highly generic - “Please see attached”, for
instance - and this may sometimes arouse suspicion. However, by
leveraging an AI’s ability to learn and replicate natural language by
analysing the context of the email thread, these phishing emails could
become highly tailored to individuals. This would mean that an
AI-powered Emotet trojan could create and insert entirely customized,
more believable phishing emails. Crucially, it would be able to send
these out at scale, which would allow criminals to increase the yield
of their operations enormously.

The consequences of these developing attack methods could be highly
destructive, and even life-threatening. By undermining data integrity,
these stealthy attacks cause trust in organizations to falter, and may
even cause systemic failures to occur. Imagine an oil rig using faulty
geo-prospection data to drill for oil in the wrong place, or a
physician making a diagnosis using compromised medical records. As the
AI arms race continues, we can only expect this circle of innovation
to escalate.

Offensive AI: a paradigm shift in cyberattacks

In 2017, the WannaCry ransomware attack hit organizations in over 150
countries around the world, marking the beginning of a new era in
cyberattack sophistication. Its success lay in its ability to move
laterally through an organization in a matter of seconds while
paralysing hard drives, and the incident went on to inspire multiple
copycat attacks. This cycle of “innovation” will continue, and
attackers have already moved on to cryptocurrency mining malware,
which secretly steals processing power to mine for digital currencies
such as bitcoin, and banking trojans, a type of malware that steals
financial data while masquerading as a genuine application.

The use of adversarial artificial intelligence will impact the
security landscape in three key ways:

1 - Impersonation of trusted users

AI attacks will be highly tailored yet operate at scale. These
malwares will be able to learn the nuances of an individual’s
behaviour and language by analysing email and social media
communications. They will be able to use this knowledge to replicate a
user’s writing style, crafting messages that appear highly credible.
Messages written by AI malware will therefore be almost impossible to
distinguish from genuine communications. As the majority of attacks
get into our systems through our inboxes, even the most cyber-aware
computer user will be vulnerable.

2 - Blending into the background

Sophisticated threat actors can often maintain a long-term presence in
their target environments for months at a time, without being
detected. They move slowly and with caution, to evade traditional
security controls and are often targeted to specific individuals and
organizations. AI will also be able to learn the dominant
communication channels and the best ports and protocols to use to move
around a system, discretely blending in with routine activity. This
ability to disguise itself amid the noise will mean that it is able to
expertly spread within a digital environment, and stealthily
compromise more devices than ever before. AI malware will also be able
to analyse vast volumes of data at machine speed, rapidly identifying
which data sets are valuable and which are not. This will save the
(human) attacker a great deal of time and effort.

3 - Faster attacks with more effective consequences

Today’s most sophisticated attacks require skilled technicians to
conduct research on their target and identify individuals of interest,
understand their social network and observe over time how they
interact with digital platforms. In tomorrow’s world, an offensive AI
will be able to achieve the same level of sophistication in a fraction
of the time, and at many times the scale.

Not only will AI-driven attacks be much more tailored and consequently
more effective, their ability to understand context means they will be
even harder to detect. Traditional security controls will be impotent
against this new threat, as they can only spot predictable,
pre-modelled activity. AI is constantly evolving and will become
ever-more resistant to the categorization of threats that remains
fundamental to the modus operandi of legacy security approaches.

Incorporating AI in the digital ecosystem

As we increasingly rely on connected systems and devices, we are
quickly developing a highly advanced and heavily connected digital
ecosystem. We will require partnerships and capabilities that
prioritize winning the strategic battles that count – and safeguard
not only economically valuable data held by the public and private
sectors, but the confidence in digital systems that underpins social
cohesion and democratic institutions.

Investment in new technology will play a critical role in this
emerging reality and evolving ecosystem. According to Forrester’s
Using AI for Evil report, “mainstream AI-powered hacking is just a
matter of time”. Indeed, as we begin to see AI become part of the
cyber attacker’s toolkit, the only way that we will be able to combat
this malicious use of AI is with AI itself. Therefore, incorporating
the technology into this ecosystem is crucial.

Counterattack: Fighting machine with machine

The cybersecurity community is already heavily investing in this new
future, and is using AI solutions to rapidly detect and contain any
emerging cyberthreats that have the potential to disrupt or compromise
key data. Defensive AI is not merely a technological advantage in
fighting cyberattacks, but a vital ally on this new battlefield.
Rather than rely on security personnel to respond to incidents
manually, organizations will instead use AI to fight back against a
developing problem in the short term, while human teams will oversee
the AI’s decision-making and perform remedial work that improves
overall resilience in the long term.

AI-powered attacks will outpace human response teams and outwit
current legacy-based defenses; therefore, the mutually-dependent
partnership of human and AI will be the bedrock of defense strategies
in the future. The battleground of the future is digital, and AI is
the undisputed weapon of choice. There is no silver bullet to the
generational challenge of cybersecurity, but one thing is clear: only
AI can play AI at its own game. The technology is available, and the
time to prepare is now.