Cyberattacks that use AI are currently rare and limited to social engineering applications, (such as impersonating an individual) or used in ways that aren’t directly observable by researchers and analysts. However, the quantity and quality of advances in AI have made more advanced cyberattacks likely in the foreseeable future.
This blog is part 2 of 2 and concludes our posting on the vitally important topic of cybersecurity.
Target identification, social engineering, and impersonation are today’s most imminent AI-enabled threats and are expected to evolve further within the next two years in both number and sophistication. Furthermore, within the next five years, attackers are likely to develop AI capable of autonomously finding vulnerabilities, planning and executing attack campaigns, using stealth to evade defenses, and collecting/mining information from compromised systems or open-source intelligence.
“Although AI-generated content has been used for social engineering purposes, AI techniques designed to direct campaigns, perform attack steps, or control malware logic have still not been observed in the wild. Those techniques will be first developed by well-resourced, highly-skilled adversaries, such as nation-state groups,” said WithSecure Intelligence Researcher Andy Patel. “After new AI techniques are developed by sophisticated adversaries, some will likely trickle down to less-skilled adversaries and become more prevalent in the threat landscape.”
While current defenses can address some of the challenges posed by attackers’ use of AI, the report notes that others require defenders to adapt and evolve. New techniques are needed to counter AI-based phishing that utilizes synthesized content, spoofing biometric authentication systems, and other capabilities on the horizon.
“Security isn’t seeing the same level of investment or advancements as many other AI applications, which could eventually lead to attackers gaining an upper hand,” said WithSecure Senior Data Scientist Samuel Marchal. “You have to remember that while legitimate organizations, developers, and researchers follow privacy regulations and local laws, attackers don’t. If policy makers expect the development of safe, reliable, and ethical AI-based technologies, they’ll need to consider how to secure that vision in relation to AI-enabled threats.”
The topic of AI-enabled cyberattacks surfaced around five years ago with examples of generative AI models able to automate both spear-phishing attacks and vulnerability discovery. Since then, social engineering and impersonation attacks supported by AI have occurred, causing millions of dollars in financial losses. Current rapid progress in AI research, coupled with the numerous new applications it enables, leads us to believe that AI techniques will soon be used to support more steps typically used during cyberattacks. This is the reason why the idea of AI-enabled cyberattacks has recently gained increased attention from both academia and industry, and why we are starting to see more research devoted to the study of how AI might be used to enhance cyberattacks.
AI technology is currently able to enhance only a few attacker tactics, and is likely only used by advanced threat actors such as nation-state attackers. In the near future, fast-paced AI advances will enhance and create a larger range of attack techniques through automation, stealth, social engineering or information gathering. Therefore, AI-enabled attacks are likely to become more widespread among less skilled attackers in the next five years. As conventional cyberattacks become obsolete, AI technologies, skills and tools will become more available and affordable, incentivizing attackers to make use of AI-enabled cyberattacks.
The cybersecurity industry will have to adapt to cope with the emergence of AI-enabled cyberattacks. For instance, biometric authentication methods may become obsolete because of advanced impersonation techniques enabled by AI. New prevention and detection mechanisms will also need to be developed to counter AI-enabled cyberattacks. More automation and AI technology will need to be used in defense solutions to match the speed, scale, and sophistication of AI-enabled attacks. This may lead to an asymmetrical fight between attackers having unrestricted use of AI technologies and defenders being constrained by the upcoming regulation on AI applications.
Looking ahead in 2023, it will be interesting to see if predictions are fulfilled regarding last year’s release of CHATGPT by OpenAI and its potential to unintentionally accelerate the future impact of AI-enabled cyberattacks.
General Cyber Tips & Best Practice Recommendations
Adopting a more proactive approach to cyber security can seem daunting at first. However, following a pragmatic and structured roadmap with clearly defined steps can not only enhance security but also deliver peace of mind. Taking a longer-term perspective also reduces the financial and reputational risks of responding to cyberattacks without effective prior planning. Key recommendations to enhance cyber resilience include:
Leverage Managed Detection and Response – Organizations can significantly strengthen their cyber security posture by deploying managed detection and response (MDR) service, which combines technology and specialist expertise to monitor for and respond to threats on a 7x24x365 basis. MDR gives organizations the capacity to detect and contain them before they have a greater impact.
Implement Incident Response Planning – A critical aspect of boosting cyber resilience is to establish a clear, measurable incident response playbook that sets out clear and specific steps to follow in the event of an attack. Incident response planning provides businesses with a roadmap for effective and timely action, as well as reduces the risks created by damaging delays or missteps in the response process.
Undertake Tabletop Exercises – As part of incident response planning, organizations benefit from gaining a detailed understanding of their security vulnerabilities and potential adversaries. This can be achieved through incident response tabletop exercise scenarios customized to test the organization’s response plan and its stakeholders and help improve and evolve a security program. Tabletop exercises provide valuable insights into a company’s level of preparedness, the steps it will need to take in the event of a real-world attack, and any remediation of the plan stemming from the tabletop exercise.
Commission Assessments and Penetration Testing – Regular penetration testing and assessments allow businesses to identify and address undiscovered or under-prioritized vulnerabilities in their security, and mitigate them before they can be maliciously exploited. Companies should carefully consider which type of testing or assessments will be most appropriate for their requirements and ensure that the proposed process will conclude with strategic recommendations and remediation advice.
Embed Key Controls - Organizations should aim to move beyond security silos to embed cyber security centrally within their business practices and processes. This is achievable when undertaken in small incremental steps via a number of key controls. From enabling multifactor authentication (MFA) to managing the risks of virtual private networks (VPNs), companies can benefit significantly by employing the gamut of measures to strengthen their security and reduce the likelihood of cyberattacks.
Cyber Awareness Training : Frequent cybersecurity awareness training is crucial to protecting the organization against ransomware. This training should instruct employees to do the following:
Not click on malicious links
Never open unexpected or untrusted attachments
Avoid revealing personal or sensitive data to phishers
Verify software legitimacy before downloading it
Never plug an unknown USB into their computer
Use a VPN when connecting via untrusted or public Wi-Fi
Up-to-Date Patches : Keeping computers and servers up-to-date and applying security patches, especially those labeled as critical, can help limit an organization’s vulnerability to ransomware attacks.
Keep your software updated. Ransomware attackers sometimes find an entry point within your apps and software, noting vulnerabilities and capitalizing on them. Fortunately, some developers actively search for new vulnerabilities and patch them out. If you want to make use of these patches, you need to have a patch management strategy in place—and you need to make sure all your team members are constantly up to date with the latest versions.
Appoint a vCISO/Security Expert - For organizations that do not have the resources for senior security personnel, appointing a vCISO or security expert is a commercially sound option to provide the security team with some guidance, and for the company to gain access to experiences that might prove a challenge to source, especially during an incident. Such experts can help a company create and accelerate data security initiatives, ensure software & patches remain up-to-date, inform management, and validate existing programs for the board with unique perspectives on regulatory, technology and operational cyber impacts.
It is critical now more than ever for businesses to invest in securing their organizations against cyber related threats as incidents continue to grow worldwide and savvy cyber criminals begin to exploit new methods of infiltration. It is encouraging to learn that many more companies have begun to prioritize the importance of establishing a formidable cyber security strategy that includes the adoption of a pragmatic, proactive approach that delivers the required cybersecurity and cyber resiliency.