Over 30 years after the ‘first’ attack, the cyber threat landscape reaches the next evolution: offensive AI

Over 30 years after the ‘first’ attack, the cyber threat landscape reaches the next evolution: offensive AI

The world’s’ first cyber-attack’ hit the headlines in 1988. It was the Morris Worm – a personal project of the Harvard graduate Robert Tappan Morris which came to infect an estimated 10% of the 60,000 computers online at the time, prompting a seismic shift in attitudes to computer security.

Three decades later, cyber security is one of the greatest challenges of our age. Cyber-crime has rapidly evolved from an academic research project into a global marketplace of professional cyber-crime services, and on the geopolitical stage, governments have turned to hyper-advanced cyber-attack tools that can start in cyber space and lead to physical damage and disruption to their adversaries’ critical infrastructure.

Since businesses, schools, hospitals, and every other thread in the fabric of society has embraced the internet, cyber-attacks now stand among natural disasters and climate change in the World Economic Forum’s annual list of global society’s gravest threats.

Where there’s a will there’s a way

As the years have gone by, hackers have consistently reinforced the old adage: ‘where there’s a will there’s a way’. As defenders have inputted new rules into their firewalls or developed new detection signatures based on attacks they have seen, hackers have constantly reoriented their attack methodology to evade traditional defences, leaving organisations playing catch-up and scrambling for a plan B in the face of an attack. A paradigm shift came in 2017 when the destructive ransomware ‘worms’ WannaCry and NotPetya caught the security world unaware, bypassing traditional tools like firewalls to cripple thousands of organisations across 150 countries, including a number of NHS agencies.

A crucial response to the onset of increasingly sophisticated and novel attacks has been AI-powered defences, a development driven by the philosophy that information about yesterday’s attacks cannot predict tomorrow’s threats. AI has been leveraged to understand what is ‘normal’ for a digital environment and detect deviations as they emerge, signalling a movement away from legacy approaches to defence.

In recent years, thousands of organisations have entrusted machine algorithms to react at computer-speed to fast-moving attacks. This active, defensive use of AI has changed the role of security teams fundamentally, freeing up humans to focus on business communication and remediation plans to make the overall environment more resilient in the future.

AI powered attacks

In what is the attack landscape’s next evolution, hackers are now taking advantage of machine learning themselves to deploy malicious algorithms that can adapt, learn, and continuously improve in order to evade detection, signalling the next paradigm shift in the cyber security landscape: AI-powered attacks. A recent study by Forrester found that 88% of security professionals expect AI-driven attacks will become mainstream in what has already proven to be an era of hyper-change in cyber-attacks – it is only a matter of time.

‘Offensive AI’ will harness AI’s ability to learn and adapt, ushering in a new era of attacks in which highly-customised and human-mimicking attacks are scaleable – and travel at machine speed. Offensive AI could land on a target’s network and use the information that it sees to direct an attack, automatically working out where the most valuable data lies.

We’re already seeing the early signs – AI-manipulated ‘deepfake’ content designed to spread misinformation is a pressing concern for social media giants, and last year we saw a UK energy firm scammed out of £200,000 when a hacker used AI to impersonate a CEO’s voice in a phone call. Open source AI research projects, tools which could be leveraged to supercharge every phase of the attack lifecycle, already exist today. Soon, they will indubitably join the list of paid-for hacker services available for purchase on the dark web.

AI vs AI

There are now AI prototypes that autonomously determine an organisation’s most high-profile targets based on their social media exposure – all in a matter of seconds. The AI then crafts contextualised phishing emails and selects a fitting sender to spoof and fires the emails away, tricking victims into clicking on a malicious link or opening an attachment that will grant further access into the target organisation.

This prototype has been tested against replica offensive AI, mimicking what is expected to be seen happening soon in the real world: AI combating AI in a battle of algorithms. Armed with this research and more data, the defenders have time on their side and the defensive AI sees more.

Powered by unsupervised machine learning, defensive AI is equipped with a complex understanding of every user and device across the network it’s protecting and uses this evolving understanding to detect subtle deviations that might be the hallmarks of an emerging attack. With this ‘bird’s eye’ view of the digital business, cyber AI will spot offensive AI as soon as it starts to manipulate data.

When an AI attacker makes any kind of noise, defensive AI will make intelligent micro-decisions to block the activity – offensive AI may well be leveraged for its speed, but this is something that defensive AI will also bring to the arms race.

Humans must must step aside, this is a machine fight. When this major leap in attacker innovation inevitably occurs, investigation, response and remediation must be conducted with the speed and intuition of AI. Only AI can fight AI.

A new age in cyber defence is just beginning, but we have some cause for optimism: this is a new phase in cyber warfare that the defenders have long been arming themselves for, ensuring that when

the AI arms race starting pistol sounds, the good guys will have a head start.


Author:  Max Heinemeyer, Director of Threat Hunting at Darktrace


Copyright Lyonsdown Limited 2021

Top Articles

Double trouble: the rising threat of double-extortion ransomware

Ransomware attackers continue to threaten businesses at an increasing scale, speed and sophistication.

The blurring line between nation-state and cyber-criminals

Russia is widely known to be involved in a plethora of cyber-criminal activity.

XDR: Delivering value where SIEMs fail

Implementing an XDR solution means faster detection, and remediation of cyber incidents

Related Articles

[s2Member-Login login_redirect=”https://www.teiss.co.uk” /]