28 July 2020

Delving Into the Weaponization of AI

Derek Manky 

Digital transformation continues to multiply the potential attack surface exponentially, bringing new opportunities for the cyber-criminal community. In addition to their expanding arsenal of sophisticated malware and zero day threats, AI and machine learning are new tools being added to their toolbox. To the surprise of almost no-one, AI is being weaponized by cyber adversaries.

Leveraging AI and automation enables bad actors to commit more attacks at a faster rate – and that means security teams are going to have to likewise quicken their speed to keep up. Adding fuel to the fire, this is happening in real-time, and we’re seeing rapid development, so there is little time for deciding whether to deploy your own AI countermeasures.

AI offers cyber actors more bang for the buck

Just like their victims, cyber actors are subject to economic realities: zero day threats can cost upwards of six figures to identify and exploit; developing new threats and malware takes time and can be expensive, as can renting Malware as a Service tools off the dark web. Like anyone else, they are looking to get the most bang for their buck, that means getting the most ROI with the least amount of overhead expenditure, including money, time, and effort, while maximizing the efficiency and efficacy of the tools they’re using.


Using AI and ML enables cyber-criminals to create malware that can self-seek for vulnerabilities and then autonomously determine which payloads will be the most successful without exposing itself through constant communications back to its C2 server.

We have already seen multi-vector attacks combined with advanced persistent threats (APTs) or an array of payloads. AI accelerates the effectiveness of these tools by autonomously learning about targeted systems so attacks can be laser focused rather than taking the usual slower, scattershot approach that can alert a victim that they are under attack.

AI reduces time to breach

We can all expect attacks to become faster than ever before, especially as technologies such as 5G connections are added to networks. 5G also enables edge devices to communicate faster, creating ad hoc networks that are harder to secure and easier to exploit. This can lead to swarm-based attacks where individual elements perform a specific function as part of a larger, coordinated attack.

When you incorporate AI into a network of connected devices that can communicate at 5G speeds, you create a scenario where those devices can not only launch an attack on their own, but customize that attack at digital speeds based on what it learns during the attack process.

With swarm technology, intelligent swarms of bots can share information and learn from each in other in real-time. By incorporating self-learning technologies, cyber-criminals can create attacks capable of quickly assessing vulnerabilities – and then apply methods of countering efforts to stop them.

AI-based cyber-attacks will be more affordable

Traditional cyber weapons built by humans can be complex to build. Because of this, they can sell for a lot of money on the dark web. With AI in place, bad actors will be able to build weapons far more quickly, in greater quantity, and with more flexibility than ever before.

This will decrease their black market value, while at the same time, these AI-based weapons will be more plentiful and readily available to a greater number of people. In the age-old battle of quality versus quantity, threat actors will no longer need to choose: quantity will increase while quality will improve as well.

AI is AI’s greatest enemy

Solutions that use AI-based strategies are the only effective defense against AI-enhanced attack strategies. However, AI takes time – often years – and specialized skills to develop and train. It is far more than the specialized scripts many vendors label as AI, because not everyone understands what goes into a legitimate AI solution, enterprises looking to “fight fire with fire” can be left in a quandary as to which solutions they should select.

This decision is critical, as future cyber battles may evolve into “Flash Wars” where interactions between defensive and adversarial AI systems become so fast that the attack/defense cycle is over in microseconds. Like traditional stock traders trying to compete against systems that can bid for stocks using algorithms and AI/ML models, network security professionals do not want to have to compete without having the right tools in place.

Preparing now for the coming challenges

Swarm-based network attacks are still likely a couple of years away, but the impact of AI-enhanced threats are right around the corner. Enterprises need to start preparing now for this reality and it starts with basic cybersecurity hygiene. This is about more than just having a patching and updating program in place, it also includes having proper security architectures and segmentation in place to reduce a company’s attack surface and prevent hackers from gaining access to the wider system.

Collaboration is another key component to combatting the weaponization of AI. Security solutions need to be able to see and share threat intelligence, and participate in a unified and coordinated response to a detected threat, even across different network ecosystems such as multi-cloud environments.

Deception is another important tool to add to your arsenal, and which will increase in importance as attacks become faster and more sophisticated. It’s essentially counterintelligence – deploying decoys across the network to lure in attackers and unmask them because they’re unable to tell which assets are real and which are fake.

AI gives security teams the upper hand in the cyber arms race

As threat actors gain decreased latency and more intelligent attack resources, security teams will have to respond with even greater speed and intelligence. Humans alone cannot respond to these coming threats, and neither can the traditional security solutions they have in place. Instead, defensive strategies will have to incorporate advanced automation technology, including ML and AI.

Ultimately, enterprises have far more resources available to them than cyber-criminals do. Teams that can incorporate technologies like machine learning and AI into their cyber defenses will be able to build the quintessential security system that will not only able them to survive, but for the first time ever, gain the upper hand in the escalating cyber war.

No comments: