Rise of AI-Aided Cybersecurity Threats

Introduction

This blog delves into AI-aided cybersecurity threats, exploring their nature, potential impacts, and how we can defend against them.

While it's currently improbable for an AI model to independently devise entirely novel paths for exploiting a system due to the inherent ambiguity and complexity of such systems, it's not certain that this won't become a possibility in the future, given the rapid pace of development. However, the likelihood of AI-aided hacks is significant and has been demonstrated in recent years.

The speed, scale, and scope of these attacks are well described in the story by Wired titled “The Age of AI Hacking Is Closer Than You Think”.

AI’s Integration into Cybersecurity

AI's integration into cybersecurity has revolutionized both defense and attack strategies. On the defensive side, AI enhances threat detection, automates responses, and predicts potential vulnerabilities. However, this same technology in the hands of malicious actors can lead to advanced, automated, and adaptive cyber-attacks.

2024 could see record-breaking data breaches. In 2023, the landscape of global data breaches significantly intensified from previous years, including a 72% increase in the number of data compromises over the previous high in 2022. This, again, can’t be completely correlated with AI’s recent advancements, but it must surely be a significant factor - World Economic Forum.

Which part of the Threat Landscape does AI Integrate with?

From the article titled “The Emerging Threat of AI-driven Cyber Attacks: A Review” on tandfonline.com, searches in ACM, arXiv, Blackhat, Scopus, Springer, MDPI, IEEE Xplore, and other sources were executed to retrieve relevant articles to find cases of AI use in AI-driven attacks. Out of the 936 papers that met their search criteria, a total of 46 articles were finally selected for this study.

The results show that:

• 56% of the AI-Driven cyberattack techniques identified were demonstrated in the access and penetration phase.
• 12% were demonstrated in the exploitation and command and control phases, respectively.
• 11% were demonstrated in the reconnaissance phase.
• 9% were demonstrated in the delivery phase of the cybersecurity kill chain.

Reasons for which AI-Aided Threats are Harder to Detect

AI-driven cyberattack techniques have the capacity to adapt to the surroundings where they are executed. They can exploit vulnerabilities or masquerade as trusted system attributes by learning from contextual data or information. The longer the attack exists in the host, the more it integrates and becomes independent of its target environments and countermeasures against cybersecurity defense infrastructures.

Like the threat discovered by Darktrace, an employee at a law firm fell victim to a spam campaign, which led to an infection with Trickbot malware. Trickbot is opportunistic information-stealing malware that, after several iterations, remains under active development.

Within minutes of infecting patient zero, Trickbot had spread to over 20 other devices on the network that had outdated SMB services.

The malware is modular and contains worming functionality that utilizes SMB exploits similar to WannaCry (a ransomware worm that spread rapidly through a number of computer networks in May of 2017). Able to make those decisions autonomously, no C2 channel will be required for the attack to propagate and complete its mission. By eliminating the need for C2, the attack will become stealthier and more dangerous.

Major AI-Aided Cyber Attacks on Corporations

1. Deepfake CEO Scam on a UK Energy Firm (2019)

   In 2019, a UK-based energy firm's CEO was impersonated using AI-generated deepfake technology. The scammers, mimicking the CEO’s voice, instructed a senior executive to transfer $240,000 to a Hungarian supplier. The executive, convinced by the authenticity of the voice, complied, resulting in a substantial financial loss.

2. Emotet Malware Attacks (2018-2020)

   Emotet, an AI-enhanced malware, targeted numerous organizations globally, including major corporations and government entities. It used AI to evolve and evade detection, primarily spreading through sophisticated phishing emails. The malware led to significant data breaches and financial losses before being disrupted by law enforcement in 2021.

3. AI-Driven Phishing Attack on a Major Financial Institution (2023)

   In 2023, a major financial institution suffered a breach due to AI-generated phishing emails. The attack bypassed advanced security measures by crafting highly personalized and convincing emails, leading to unauthorized access to sensitive data and substantial financial damage.

The Impact of AI-Aided Cyber Threats

The implications of AI-aided cyber threats are far-reaching. They can lead to significant financial losses, data breaches, and operational disruptions. The enhanced sophistication of these threats means they can bypass traditional security measures, leading to prolonged periods of undetected intrusion and damage.

Defending Against AI-Aided Threats

Implementing advanced threat detection measures alongside continuous monitoring and response systems can bolster cybersecurity defenses against AI-driven threats. Employee training programs that identify phishing attempts and other social engineering tactics serve as crucial deterrents against attacks exploiting human vulnerabilities. Advocating for regulatory frameworks and ethical AI development practices helps mitigate malicious actors' potential misuse of AI technologies.