Evil machines that learn, reason and are hellbent on human destruction have long been science fiction fodder and a persistent obsession among conspiracy theorists. Fortunately, no Terminator-type universe has emerged just yet. But that doesn’t mean we don’t have to worry about threats powered by artificial intelligence (AI) and machine learning (ML). The technologies are real, active and working in the service of cybercrooks.
Ghosts in the machines
AI can learn to “look legitimate” to network and security monitoring platforms by embedding malware into processes, updating its rhythms and activities, making detection more difficult. AI can wreak more havoc to infrastructure as well – malware penetrates defenses (or exploits openings it discovers) and lays dormant over time, years, even, waiting to activate at a time that will cause the most damage. The threat’s strategies could be as simple as time-based deployment (e.g., waiting through backup cycles until it’s invaded both primary and backup data before launching) and as complex as intelligence-based event activation, such as active-user or subscription thresholds.
An even more prominent angle of attack is realistic human impersonation. In fact, spear phishing and whaling are among the scariest emerging concerns when it comes to AI-enhanced cyberattacks – particularly with the advancement occurring in natural language processing (NLP) and natural language generation (NLG) algorithms.
Over time, AI-powered attacks will encompass a staggering array of infrastructure and communications channels – from deep-fake-enhanced vishing that targets companies and individuals, to intelligent disinformation campaigns that target societies.
Protecting Your Clients
The speed, depth and sophistication of AI- and ML-powered attacks will only become more potent over time. To keep pace, your clients need AI- and ML-powered threat intelligence and defense solutions with multiple cyber resilience layers, covering everything from centralized infrastructure all the way out to edge devices connecting remote workers.
To accomplish this, you need the right AI- and ML-powered cyber resilience supplier to partner with and to help open discussions with clients. Since phishing has been incredibly successful – and a constant worry for your clients – it presents a logical starting point. Here are some talking points that might be helpful in guiding the discussion:
- Cybercriminals are using AI to target the right people with the right messages in phishing campaigns, and they’re increasingly targeting high-value targets with access to the most sensitive data.
- That means they’re targeting your HR, accounting and IT managers through spear phishing with messages that look real and relevant to their jobs.
- They’re using the same tactics to target your C-suite. It’s called “whaling” and they aren’t just aiming for the CEO. CFOs, CIOs, COOs and many more members of your senior management team have access to many types of sensitive information. They’re all active targets.
Once you’re into the discussion, you can mention that cybercrooks use AI to probe for weaknesses in core infrastructure. The also look for remote connections and drop time bombs into infrastructure that wait until the right time to cause the maximum damage.
From here, you’ll (hopefully) be able to facilitate a productive discussion on the importance of fighting AI with stronger, better AI, and why it’s vital to have a fully developed cyber resilience strategy.