Understanding the double-edged sword of AI in cybersecurity

As artificial intelligence (AI) continues to advance, its impact on cybersecurity grows more significant. AI is an incredibly powerful tool in the hands of both cyberattackers and defenders, playing a pivotal role in the evolving landscape of digital threats and security defence mechanisms.

The role of AI in cyberattacks

  • The incorporation of AI improves malicious social engineering campaigns, creating a new era in which cyberthreat actors are more convincingly deceptive. With access to vast amounts of data, cyberthreat actors can increase the success and effectiveness of large-scale phishing campaigns or use this data to spread disinformation online. Correlating massive volumes of data enables cyberthreat actors to craft more convincing narratives targeted at specific users by considering time zones, keywords, geographical information, and language nuances. The resulting messages are highly targeted, more sophisticated, highly believable, and contain fewer grammatical errors. The emergence of deepfakes, hyper-realistic audiovisual fabrications powered by AI, creates novel avenues for deceiving targets, marking a dangerous evolution in the arsenal available to cyber adversaries.
  • AI makes automation, reconnaissance, and exploitation easier. The exploitation of vulnerable systems has become more efficient due to the incorporation of AI into the cyberattack kill chain (referring to MITRE’s ATT&CK Framework). Automated tools used with malicious intent can scan for weaknesses, aiding the rapid development of exploits, zero-day attacks, and malicious software. The sheer volume of scanning that AI enables increases the likelihood of attackers gathering the information they need to carry out their attacks and successfully orchestrate a malicious event.
  • AI has significantly raised the bar for attacker techniques and sophistication. For instance, threat actors are using search engine ads as vectors for phishing attacks, directing victims to malicious websites that impersonate major financial institutions in various regions, including Asia-Pacific. The increase in exploit development and vulnerability discovery could also indicate that AI use is raising the overall sophistication of cyberthreat actor targeting.
  • Cyberthreat actors are also manipulating AI algorithms by manipulating the data those algorithms consume. By inserting incorrect information into legitimate but compromised sources, they can “poison” AI systems, causing them to err or export bad information. This sort of adversarial attack involves feeding AI systems bad data to subvert their intended purpose. Intentional corruption of code and data represents a significant challenge, as developers have yet to devise a foolproof defence. As with any machine learning, bad data in equals bad data out.

The role of AI in cyber defence 

While attackers are leveraging AI to craft more sophisticated attacks, cybersecurity professionals are employing AI to bolster defences.

  • AI-driven security systems can analyse vast amounts of data to identify patterns indicative of cyberthreats, providing a proactive approach to threat detection. Machine learning algorithms are being trained to recognise the signs of an intrusion, identifying them before any significant damage is done.
  • Specifically, enhanced AI systems are adept at monitoring networks for unusual activities that could indicate a security breach. By continuously analysing network traffic, these systems can detect anomalies that deviate from normal patterns, such as unusual login times, high data traffic, or unrecognised IP addresses. Machine learning algorithms within these systems learn over time, reducing false positives and increasing their accuracy in identifying genuine threats.
  • AI can forecast potential vulnerabilities and attack vectors before they are exploited by leveraging predictive and behavioural analytics. This allows organisations to patch security gaps and reinforce their defences proactively, ahead of attackers discovering these weak spots.
  • AI-driven behavioural analytics take threat detection a step further by understanding the normal behaviour of users and entities within a network. This deep learning aspect of AI can distinguish between legitimate user actions and potential threats by detecting behavioural anomalies, such as sudden changes in file access patterns or data transfer volumes, which could signify a compromised account or an insider threat.
  • AI can enhance cyber defender capabilities and triaging. By sifting through massive data sets and identifying threats, AI frees up human analysts to focus on more complex tasks such as threat hunting, forensic analysis, the automated combination of information from different sources, and strategic security planning. This collaboration between human intelligence and artificial intelligence will most assuredly result in a more robust cyber defensive posture.
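
The network-monitoring and behavioural-analytics points above come down to learning a per-user baseline and flagging deviations from it. The sketch below is an added example, not code from the article: a simple statistical baseline stands in for the machine learning models described, and the session records, thresholds and function names are all constructed for illustration. It checks the three signals the article names (unusual login times, high data traffic, unrecognised IP addresses).

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed training sessions: (user, login hour 0-23, source IP, bytes sent).
HISTORY = [
    ("alice", 9, "10.0.0.5", 120_000), ("alice", 10, "10.0.0.5", 150_000),
    ("alice", 9, "10.0.0.7", 110_000), ("alice", 11, "10.0.0.5", 140_000),
    ("alice", 10, "10.0.0.5", 130_000), ("bob", 22, "10.0.1.9", 900_000),
    ("bob", 23, "10.0.1.9", 1_100_000), ("bob", 22, "10.0.1.9", 1_000_000),
    ("bob", 21, "10.0.1.9", 950_000),
]

def build_baselines(history):
    """Summarise each user's normal hours, known IPs and transfer volume."""
    grouped = defaultdict(list)
    for user, hour, ip, sent in history:
        grouped[user].append((hour, ip, sent))
    baselines = {}
    for user, rows in grouped.items():
        volumes = [r[2] for r in rows]
        baselines[user] = {
            "hours": {r[0] for r in rows},
            "ips": {r[1] for r in rows},
            "mean": mean(volumes),
            "std": pstdev(volumes) or 1.0,  # constant volume: avoid dividing by zero
        }
    return baselines

def hour_distance(hour, usual_hours):
    """Smallest circular distance (wrapping at midnight) to any usual hour."""
    return min(min((hour - h) % 24, (h - hour) % 24) for h in usual_hours)

def score_session(baselines, user, hour, ip, sent, z_limit=3.0, hour_slack=2):
    """Return the anomaly reasons for one session; an empty list means normal."""
    base = baselines.get(user)
    if base is None:
        return ["no baseline for user"]  # unknown account: flag it, do not guess
    reasons = []
    if hour_distance(hour, base["hours"]) > hour_slack:
        reasons.append("unusual login time")
    if ip not in base["ips"]:
        reasons.append("unrecognised IP address")
    if (sent - base["mean"]) / base["std"] > z_limit:
        reasons.append("high data traffic")
    return reasons

BASELINES = build_baselines(HISTORY)
```

Returning the reasons rather than a single score keeps each alert explainable to the analyst who triages it, and the slack and z-score limits are the knobs that trade false positives against missed detections.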

The arms race between cyberattackers and defenders continues to accelerate with the integration of AI into their arsenals. While AI presents formidable challenges in the form of more sophisticated and targeted cyberattacks, it also offers powerful tools for cybersecurity professionals to protect digital assets, networks, and systems. As we navigate this new landscape, it is imperative that we continue to develop innovative AI-driven solutions to stay ahead of threats and safeguard against the malicious use of this technology.