AI: Rise of the Machines
In the last few years, artificial intelligence has become a much more common part of our daily lives. Whether it’s the Facebook’s News Feed or Waze’s routing algorithm, most of us probably use AI every day.
What you may not know is that AI is being applied in the cybersecurity world as well, both for good and bad. At its essence, AI can be used for automation and to make decisions based on what it has learned over time.
These properties can be used in a number of different ways to help defend against attacks, but they can also be used to mount new ones or increase the efficiency of hacker staples. Because of this, AI isn’t really seen as a boon for either side of the cybersecurity divide.
Instead, it’s simply a new technological development, and much like those that came before it, it will just mean a shift in the way that both white hat and black hat hackers operate.
The Cybersecurity Benefits of AI
One of the main benefits of AI is that it opens up a new way to detect and stop threats. Traditional antivirus programs find malware by searching for file signatures, while network abnormalities are found through rule-based systems.
For either of these tactics to work, the threat generally needs to have been seen before. Once a new malware attack is discovered, antivirus providers log its signature and then send it to the antivirus software of users, so that they can detect it in future.
The big issue with this approach is that it isn’t useful against attacks that have never been seen before. When adversaries come up with innovative attacks, they can use them to slip straight into systems. These initial attacks can cause significant damage, all before antivirus software is aware of the threat.
The difference with an AI approach is that it isn’t so reactive. Instead of waiting until after attacks have infiltrated systems to develop defenses, AI can look for patterns, learn and adapt, which can help it to stop many attacks that slip straight past other cybersecurity mechanisms
As an example of how AI can work, let’s look at ransomware. Once it executes, it scans through a victim’s files, makes copies of the ones it thinks are important, sends the encryption keys to the attacker and deletes the original files.
These aren’t steps that you ever really see in legitimate software, so whenever security AI notices a pattern like this taking place, it could put a stop to the attack before it it causes any damage. In contrast, if a user’s antivirus didn’t already have the ransomware’s signature, it could get through undetected and the user’s files would be locked.
Normal antivirus software can only look for signatures for what it knows is malware. AI has the potential to notice patterns that look like malware and put a stop to it.
The Dark Side of AI in Cybersecurity
While AI will make many traditional attacks more difficult for hackers, it also opens up a number of new doors for them. Since AI has the ability to learn and recognize patterns, it follows that it can begin to understand the defenses that are in place and come up with ways to get around them.
On top of this, AI has the potential to automate many of the attacks we already see, making them much more efficient and cheaper for criminals to execute. AI can help take the labor out of spearphishing, allowing scammers to automate their attacks, and target many more people.
It can also be used to replicate someone’s voice, all from just 10 minutes of speech. This could have tremendous impacts – imagine getting a panicked phone call from your partner. You probably wouldn’t be thinking, and would comply with whatever they asked for to help them. Much later, you would find out that it wasn’t your partner after all, but a hacker who has now stolen your identity.
These aren’t the only applications. AI also has the potential to help hackers sniff packets and scan for vulnerable ports, as well as accomplish a range of other malicious tasks at scale.
AI: A New Era
At the end of the day, AI in cybersecurity is neither good nor bad. It just represents a new era. It will open up the doors for innovative attacks, but we will also gain new security techniques and abilities. The important thing is for the industry to be aware of the changes and to be as prepared as possible for this new generation of information security.
- None Found