Cybercrime, meet AI

One of the eternal truisms about cybersecurity is that it’s a cat and mouse game – and cybersecurity often seems to be behind the ball

Now, however, with artificial intelligence (AI) – essentially advanced analytical models – coming onto the market, cybersecurity actually has the edge.

At present, vendors are doing far more than hackers with AI. Not that we can expect it to stay that way forever, but right now the good guys have the upper hand – and that gives the industry some time to prepare itself for the eventual rise of AI-enabled cybercriminals.

The value of AI in this model is that it lets companies take large volumes of information and find clusters of similarity. This is always the focus of cybersecurity to a degree, but organisations are often unequipped to do so in sufficient depth because of time and resourcing constraints. By contrast, AI can whittle down vast quantities of seemingly unrelated data into a few actionable incidents or outputs at speed, giving companies the ability to quickly pick out potential threats in a huge haystack.

Mimicking humans

The ability to quickly turn large amounts of data into actionable insights is something that cybersecurity teams are going to need in the coming years, because AI could become a formidable enemy. Unlike malware, which is purely automated, AI is beginning to mimic humans to a worryingly accurate degree. It can draw pictures, age photographs of people, write well enough to persuade people of truths – or lies.

This means that AI could theoretically industrialise the reproduction of human hacking tactics, which are currently the most damaging but also the most time-consuming form of attack for hackers. The best, most difficult hacks to detect are those performed by humans – digging into systems, watching user behaviour and finding or installing backdoors. Attacks performed with tools are much easier to detect. They bang around, they hit things, they find the backdoor by knocking on every wall. The sneaky thief is harder to find.

Hackers aren’t yet creating ‘AI-driven sneaky thieves’, but they could. AI could be used to build an independent, patient, intelligent and targeted attacker that waits and watches: an automated APT, if you will. That would be far more difficult to defend against than automated ’splash’ tactics, and it could be executed or industrialised on a very large scale.

How an AI cybercriminal could work

The good news is that any such automated APTs will arrive slowly, because AI is complicated. An AI algorithm isn’t usually designed to be user friendly. Instead of pointing and clicking, you have to customise the hacking tool to a degree that needs AI expertise. Those skills are in short supply in the industry, let alone the hackersphere, so we’re likely to see this achieved first by nation-states, not by hobbyists – which means that the first likely targets are those with national interest.

Let’s look at some public examples. A while ago there were hacks on Anthem, Primera and Care First, major healthcare providers in the US, all of which worked with a lot of federal employees. At the same time, Lockheed and the Office of Personnel Management, which handles Class 5 security clearance, were hacked, losing fingerprint and personal data for thousands of people.

One theory about these hacks was that a nation state stole the data. As it didn’t turn up on the dark web for sale, where did it end up? If this nation does now possess it, they have terabytes of healthcare, HR, federal background check and contractor data at their command. The value of such data would make relating one set of data to another very difficult and time consuming if done by hand.

But an AI program could find clusters and patterns in the data set and use them to work out who could be a good target for a future attack. You could connect their families, their health problems, their usernames, their federal projects – there are lots of ways to use that information. Nation states steal data for a reason – they want to achieve something. So as AI matures, we could see far more highly-targeted attacks taking place.

AI phishing

While it’s likely that AI-powered hacking will begin its life as the preserve of nation-states, it’s only a matter of time before this sort of attack becomes commonplace in the regular market. Let’s consider phishing as a case study for how this might look.

At the moment, its often easy to tell if an email is a phishing attempt from the way it’s written with misspelled words and odd grammar. AI could eliminate that ability. Let’s say that AI can write better than 60% of people, using colloquialisms and idiomatic phrasing – it’d be pretty hard to spot. And even if AI is only ‘as good’ as humans, it can be much faster and therefore more effective.

Phishing is one of the most lucrative forms of hacking – if AI can raise the rate of success from 12% to 15%, say, with half the human effort, then it could be worth it for hackers. We haven’t seen any truly malicious, AI-crafted spearfishing attempts yet, but it’s likely to be a very effective first step for AI cybercrime.

Crafting a defence

An effective defence comes down to having the right people and the right tools in place. It’s been several years now that organisations have been working to solve the information-overload problem in cyber security, yet still most security teams still have difficulty weeding out data theft incidents from the chaff.

Organisations have realised that the collection of user and application access to data is a responsibility of cyber security.  Now security is feeling the pain of trying to understand this vast data.  The most successful teams are leveraging AI or machine learning to perform these analysis activities to meet both the organisation’s and any regulation needs.

The recommendation for companies is always ‘don’t try to boil the ocean’. You’re not going to prevent every attack. Your focus should be on discovering where your critical resources are and what you can do to mitigate the risk on those resources specifically. If data is your most critical resource, what do you know about it?

Perimeter defences aren’t the best investment if you don’t also have visibility into your databases and files or appropriate security for your key apps. Where is the most risk and the most value for the hacker? It’s not at the perimeter – it’s in your databases. Are you able to tell who’s accessed your data, how they accessed it, what they accessed and whether they should have taken it?

If you’re not watching your data, you’re not protecting the only thing that will realistically be stolen from your data centres.

GI Joe used to say that ‘knowing is half the battle’. But these days it’s the whole battle. Telling a regulator that you don’t know what was taken post-breach can cost hundreds of millions these days.  AI cybercrime is coming – make sure you can protect your valuable data.

 

Original post: https://www.technative.io/cybercrime-meet-ai/

79 comentários em “Cybercrime, meet AI

  1. Howdy are using WordPress for your blog platform? I’m new to the blog world but I’m
    trying to get started and create my own. Do you need any html coding knowledge to make your
    own blog? Any help would be greatly appreciated!

  2. I truly love your website.. Very nice colors & theme.
    Did you develop this website yourself? Please reply back as I’m trying to create my very
    own website and want to know where you got this from or just what the theme is called.

    Cheers!

  3. I have learn some good stuff here. Certainly price bookmarking for revisiting.
    I surprise how much attempt you put to create the
    sort of wonderful informative web site.

  4. Thank you for another informative website. The place else could I am getting that type of information written in such a perfect
    way? I have a venture that I’m simply now working on, and I’ve been on the glance out
    for such info.

  5. I’m not sure exactly why but this site is loading incredibly slow for me.

    Is anyone else having this problem or is it
    a problem on my end? I’ll check back later and see if the problem still
    exists.

  6. I’m the co-founder of JustCBD Store company (justcbdstore.com) and am trying to expand my wholesale side of company. I really hope that someone at targetdomain can help me . I thought that the most effective way to accomplish this would be to reach out to vape companies and cbd stores. I was hoping if anyone could suggest a trustworthy web-site where I can get CBD Shops Business Email Addresses I am presently considering creativebeartech.com, theeliquidboutique.co.uk and wowitloveithaveit.com. Unsure which one would be the most suitable choice and would appreciate any advice on this. Or would it be easier for me to scrape my own leads? Suggestions?

  7. I am the business owner of JustCBD brand (justcbdstore.com) and I’m presently seeking to grow my wholesale side of company. It would be great if someone at targetdomain is able to provide some guidance 🙂 I thought that the most suitable way to do this would be to connect to vape companies and cbd retailers. I was really hoping if anybody at all could recommend a reliable web site where I can get CBD Shops BUSINESS DATA I am already examining creativebeartech.com, theeliquidboutique.co.uk and wowitloveithaveit.com. Unsure which one would be the very best choice and would appreciate any assistance on this. Or would it be simpler for me to scrape my own leads? Ideas?

  8. Hi, I do think this is a great site. I stumbledupon it 😉 I am going to revisit once again since i have bookmarked it. Money and freedom is the best way to change, may you be rich and continue to guide others.

  9. You’ve made some really good points there. I checked on the internet for more information about the issue and found most people will go along with your views on this website.

  10. An impressive share! I’ve just forwarded this onto a coworker who has been conducting a little homework on this. And he in fact ordered me lunch simply because I stumbled upon it for him… lol. So allow me to reword this…. Thank YOU for the meal!! But yeah, thanks for spending time to discuss this subject here on your web site.

  11. Good post. I learn something totally new and challenging on sites I stumbleupon everyday. It will always be useful to read articles from other writers and practice something from their sites.

  12. Next time I read a blog, I hope that it won’t disappoint me as much as this particular one. After all, Yes, it was my choice to read, but I actually believed you’d have something interesting to say. All I hear is a bunch of moaning about something you could possibly fix if you weren’t too busy seeking attention.

  13. Have you ever thought about adding a little bit more than just your articles?

    I mean, what you say is valuable and everything. But just imagine if
    you added some great visuals or video clips to give your posts more, “pop”!
    Your content is excellent but with images and clips, this
    blog could certainly be one of the very best in its field.

    Great blog!

  14. Having read this I thought it was rather informative. I appreciate you taking the time and energy to put this information together. I once again find myself spending way too much time both reading and commenting. But so what, it was still worthwhile!

  15. I’m very pleased to discover this website. I want to to thank you for your time for this particularly fantastic read!! I definitely really liked every part of it and i also have you saved as a favorite to look at new stuff on your blog.

  16. This is the right site for anybody who hopes to understand this topic. You realize so much its almost hard to argue with you (not that I really will need to…HaHa). You certainly put a new spin on a subject that’s been written about for years. Wonderful stuff, just great!

  17. I blog frequently and I genuinely appreciate your content. Your article has truly peaked my interest. I am going to book mark your website and keep checking for new information about once per week. I subscribed to your Feed too.

  18. After looking into a few of the blog posts on your website, I seriously appreciate your way of writing a blog. I added it to my bookmark website list and will be checking back in the near future. Take a look at my website too and let me know how you feel.

  19. I blog often and I seriously thank you for your content. This great article has truly peaked my interest. I’m going to take a note of your blog and keep checking for new information about once per week. I subscribed to your Feed as well.

  20. Hi there, I do think your website might be having web browser compatibility issues. When I look at your website in Safari, it looks fine however, when opening in IE, it’s got some overlapping issues. I merely wanted to give you a quick heads up! Other than that, wonderful website!

  21. Hi, I do believe this is an excellent blog. I stumbledupon it 😉 I will return once again since I book marked it. Money and freedom is the greatest way to change, may you be rich and continue to help other people.

  22. You can definitely see your skills within the article you write.
    The sector hopes for more passionate writers such as
    you who are not afraid to mention how they believe. Always go after
    your heart.

  23. You are so interesting! I don’t believe I have read something like that before. So nice to discover someone with a few original thoughts on this issue. Seriously.. thanks for starting this up. This site is something that is needed on the web, someone with some originality!

  24. I must thank you for the efforts you’ve put in writing this website. I’m hoping to check out the same high-grade blog posts by you later on as well. In fact, your creative writing abilities has inspired me to get my very own blog now 😉

  25. Howdy, I do think your site might be having internet browser compatibility problems. When I look at your website in Safari, it looks fine however, if opening in IE, it has some overlapping issues. I merely wanted to provide you with a quick heads up! Other than that, excellent blog!

  26. An outstanding share! I’ve just forwarded this onto a co-worker who has been doing a little homework on this. And he actually bought me dinner because I discovered it for him… lol. So let me reword this…. Thank YOU for the meal!! But yeah, thanx for spending time to discuss this matter here on your site.

  27. I’m impressed, I must say. Rarely do I come across a blog that’s both equally educative and interesting, and without a doubt, you have hit the nail on the head. The issue is an issue that too few men and women are speaking intelligently about. I am very happy I came across this during my search for something concerning this.

  28. After I originally left a comment I appear to have clicked on the -Notify me when new comments are added- checkbox and from now on every time a comment is added I receive 4 emails with the same comment. Is there a means you can remove me from that service? Thank you!

  29. I must thank you for the efforts you’ve put in writing this website. I really hope to check out the same high-grade blog posts from you in the future as well. In truth, your creative writing abilities has encouraged me to get my own website now 😉

  30. Howdy! Do you know if they make any plugins to assist with Search Engine Optimization? I’m trying to get
    my blog to rank for some targeted keywords but I’m not seeing very
    good success. If you know of any please share. Thanks!

  31. I’m not sure where you’re getting your info,
    however good topic. I must spend a while studying much more or understanding more.

    Thank you for excellent information I used to be on the
    lookout for this info for my mission.

  32. Howdy! This article couldn’t be written much better! Going through this article reminds me of my previous roommate! He always kept talking about this. I will forward this article to him. Fairly certain he will have a very good read. Thanks for sharing!

  33. An interesting discussion is definitely worth comment. I do think that you ought to publish more about this subject matter, it might not be a taboo subject but usually folks don’t talk about these issues. To the next! Best wishes!!

  34. After I originally left a comment I seem to have clicked the -Notify me when new comments are added- checkbox and from now on each time a comment is added I recieve 4 emails with the same comment. Perhaps there is a way you can remove me from that service? Thank you!

  35. The very next time I read a blog, Hopefully it won’t disappoint me just as much as this particular one. I mean, I know it was my choice to read through, but I genuinely believed you would have something helpful to talk about. All I hear is a bunch of moaning about something you can fix if you weren’t too busy looking for attention.

  36. After going over a number of the articles on your blog, I truly like your technique of blogging. I book marked it to my bookmark website list and will be checking back soon. Please check out my website as well and tell me your opinion.

  37. Nice post. I learn something new and challenging on websites I stumbleupon on a daily basis. It’s always interesting to read content from other authors and practice a little something from other sites.

  38. Can I simply say what a relief to find a person that truly knows what they are discussing online. You actually realize how to bring an issue to light and make it important. More and more people have to look at this and understand this side of your story. It’s surprising you’re not more popular given that you surely have the gift.

  39. Hey there! I simply would like to offer you a big thumbs up for your great information you have got right here on this post. I am coming back to your blog for more soon.

  40. Hi, I do think this is an excellent website. I stumbledupon it 😉 I may return yet again since i have book marked it. Money and freedom is the greatest way to change, may you be rich and continue to help other people.

  41. A motivating discussion is definitely worth comment. I do believe that you ought to write more about this topic, it might not be a taboo subject but generally folks don’t speak about these topics. To the next! Many thanks!!

Leave a Reply

Your email address will not be published. Required fields are marked *