What Does an AI-Powered Cyber Attack Look Like?


The increasing scale and impact of cyberattacks

Cyberattacks are widely regarded by governments and NGOs as one of the biggest threats to global security. Indeed, cyberattacks today are nothing like what they were five years ago in terms of accessibility and capability. More sophisticated attack methods, along with increasing automation, have made it easier for threat actors to launch attacks at a greater scale with larger impacts.

Take ransomware attacks as an example. Since 2017, ransomware has become one of the most popular tools used for cyberattacks. Ransomware attacks targeting both the public and private sectors now happen on a daily basis around the world. Ransomware has risen because these attacks are very difficult to detect with traditional cybersecurity measures like network firewalls. The intrusion can take place through email phishing, via web applications, or by exploiting software and hardware vulnerabilities. Victims of ransomware attacks include governments, schools, hospitals, and enterprises. Many victims suffer severe damage, ranging from financial and reputational losses to operational disruptions, infrastructure damage, and even death, as witnessed in a hospital in Germany.


The rise of defensive AI

As threat actors come up with increasingly sophisticated attack methods, traditional security tools that add specific attack patterns to their signature lists become less effective. This is why cybersecurity products today tend to add machine learning and artificial intelligence (AI) technologies to their preventative and predictive tools. The use of AI for defensive purposes is called defensive AI.

Take web application firewalls (WAFs), for example. Penta Security’s WAPPLES uses AI to derive a set of 33 rules that could replace over 8000 signatures used in traditional signature-based WAFs. Since these rules are created by (machine) learning all previous attack patterns, they are capable of identifying newly formed attack patterns that traditional signatures cannot detect.


Offensive AI is only a matter of time

The cybersecurity field is very dynamic in that no one should expect a silver bullet that would keep them safe forever. Looking back on history, it has always been a catch-up game between cybersecurity technologies and hackers. Thus, if AI can be applied to cybersecurity tools, it also can be applied to attack tools. Even though AI-powered cyberattacks are still very rare, it is very possible that they could become mainstream in the near future.


What does an AI-powered cyberattack look like?

Let’s look at the example of an intrusion via a phishing email. Traditionally, phishing emails are written manually and sent to a large number of recipients without specifically targeting each individual. This makes them easily distinguishable by anyone who pays close attention to the content. So how would AI do it differently?

First of all, AI can use natural language processing to understand and communicate in written language. This makes it possible for it to actually engage in email conversations and reply to the victim. Moreover, AI prototypes today are able to identify, on their own, the position of an employee within an organization based on LinkedIn profiles or email signatures. By doing so, high-profile targets can be easily identified in no time. Lastly, AI would study the targets based on their social media posts to send highly personalized and contextualized emails that would make it very easy for even some of the most cautious people to fall into the trap.

After the victim downloads the AI-powered malware, the malware would quickly study the internal IT systems of the organization and navigate itself within the IT network by mimicking the communications of other legitimate systems within the network, making it not only difficult to detect, but also faster at spreading to nearby networks.


AI versus AI, who wins?

So, the future of cybersecurity would be centered around the war between offensive AI and defensive AI, making it a war of algorithms. Then, who has a better chance of winning the game?

Fortunately, many experts believe that defensive AI has an advantage over offensive AI. The main reason is that AI’s capability depends on the quality of the data it is based on. When it comes to data, cybersecurity firms have a general advantage over hackers because they have access to high-quality data related to all recent attack methods and patterns from all kinds of attackers from around the world, as well as a deep understanding of every user and system within the networks they are trying to protect. On the other hand, it is more difficult for hackers to gain complete, accurate, and high-quality data, especially detailed information from within the targeted network. In summary, defensive AI has an advantage because it is equipped with better weapons.

Before it is too late, organizations that use legacy security systems should upgrade immediately to the latest AI-powered security measures to stay prepared against any potential AI-powered cyberattacks.
