Artificial Intelligence (AI) is becoming more dominant in the cyber space. It can ensure that systems and business environments become more secure. At the same time, hackers also know how to use artificial intelligence. What is currently going on around AI in the cyber arena? To what extent is it taking the cyber fight to the next level?
AI itself is not a new technology in the security world, but it is being used more and more in the marketing messages of security companies. This is due to the fact that more data is being collected, something that is needed to develop strong models and algorithms. The techniques are much stronger than they were, say, ten years ago.
AI analyzes and detects malware
If we look at where the progression has led to in terms of making businesses safer, we see a number of things taking a prominent role. One of the capabilities of AI is that the technology is able to perceive all kinds of attacks. For example, algorithms can find abnormal behavior and events. To do this, the algorithms analyze data from various sources. Think about data from networks, endpoints and cloud traffic.
Security products today are therefore able to find known threats. To do this, they use the traditional method of detection based on signatures. This form of detection looks for known patterns and footprints of malware. A security product has a database containing the signatures.
However, with cyberattacks getting smarter, detection using signatures does not always work. New or encrypted malware is difficult to find with this technique. In this case, artificial intelligence can provide a solution. The algorithms can find unknown threats by searching for them proactively. For example, they look at behavior: are certain events normal or do they indicate malware? So the algorithm actually compares the behavior with the instructions it has been given.
The algorithms have a learning ability to achieve faster and better detection. Thus, AI should take security to the next level.
Less time and automation
By deploying AI this way, it is possible to detect complex cyber attacks faster than before. For example, if the algorithms are active in a corporate environment where an attempt is taking place, it can stop the malicious activity within short time. Previously, in this case, the cyber attack could be active in the environment for much longer, causing more damage. When blocking, the AI can also determine whether it will stop the attack completely on its own or whether it will (partially) forward the threat to a security professional. Thus, it also eases the work of that security expert.
This is also often referred to as security automation, meaning security steps are executed automatically. That can be for detecting cyber attacks, but also for investigating and repairing an attack. Systems with automation features can achieve this independently (autonomous security) or with the help of human security experts. The systems observe the malware, then assess and prioritize it. It is expected that security automation will eventually play a role in many more companies and thus grow into a larger market.
Advanced cyber attacks through AI
So the line of defense is getting stronger thanks to AI, but on the other hand, hackers are also capitalizing on the new opportunities. They know how to refine their techniques with the help of artificial intelligence. Adding AI to malware makes the malicious software more efficient. Think about making spam and phishing more personal, making the messages look more credible and making victims more likely to click. But it’s also possible that hackers could use AI to keep malware off the radar of security systems. It could mean that a cyberattack adapts itself with a new encryption key or code. The algorithms are smart enough that they are able to stay off the radar.
We recently attended a Thales event, where CTO Bernhard Quendt discussed developments on the cybercrime side. He also shared with us other examples of AI use. The Thales CTO sees reliability and availability as important things to consider. In practice, that might mean that a door security system relies on facial recognition. This facial recognition uses an AI model that a cybercriminal can attack with reverse engineering techniques, modifying who has access. Thus, it is possible to gain physical access to critical locations. The cybercriminal can even steal the AI model and sell it to the competitor to find out who has access to critical infrastructure.
Another possibility the CTO of Thales sees has to do with availability. “If your autonomous system relies on complex AI in the cloud, then the cybercriminal launches a denial of service attack on the service in the cloud. For example, if you have a traffic automation system in the cloud, they release a DoS attack on the AI and the whole system is blocked,” Quendt said.
Both camps getting smarter
In the end, we can conclude that AI plays a more prominent role in cybersecurity than it did a decade ago. A lot of progress has been made, making analysis and detection faster. Automation is helping security professionals. At the same time, they have to fear the ways in which cybercriminals are deploying artificial intelligence. They know how to make their attacks more sophisticated. With that, the cyber war has reached the next stage.