3 Ways Our Cyber Tools are Turned Against Us (Cybersecurity Trends 2023)

With easy access to cloud environments, AI counterattacks are relatively easy to develop. We need to focus: sophisticated Adversarial AI will be our reality going forward.

We may never have enough trained cyber professionals to fill the staffing needs of organizations, but thankfully we are leveraging great AI to supplement cyber defense in unique ways. Despite my advocacy of accelerated cyber workforce training programs, AI-enabled software will significantly fill in for the skills gap. Above and beyond that AI will also provide the most sophisticated capabilities the world can devise to protect organizations.

Today many different systems already provide AI assistance as a platform for broader security automation. Security orchestration, automation and response (SOAR) packages, as well as new security information and event management (SIEM) systems and extended detection and response (XDR) systems infuse their systems with AI to power anomaly detection. Vendors including Fortinet, Palo Alto Networks, Splunk and Swimlane have taken up AI as a central feature of new and evolved products.

Why?

Security teams today are swamped with data about potential suspicious activities, making it a huge challenge to find and remediate them. Thankfully, AI can scan for vulnerabilities to help identify real threats via pattern recognition, whether it’s in malware indicators, user behavioral trends or simple network traffic.

So it’s no surprise that attackers would be in the AI business as well. They adroitly try to exploit any kind of AI protection. Highly targeted and evasive attacks in benign carrier applications, such as DeepLocker, have demonstrated the intentional use of AI for harmful purposes.

Threat actors are constantly changing and improving their attack strategy. AI-based cyber attack (Adversarial AI) is being used in conjunction with conventional attack techniques to cause greater damage.

With easy access to cloud environments, AI counterattacks are relatively easy to develop. We need to focus: sophisticated Adversarial AI will be our reality going forward.

What are the top three ways attackers use AI and machine learning against defenders?

1) Testing AI defenses

The first — and simplest — way for organizations to test their own malware and attack practices on defenders is to determine the types of events and behaviors that are thwarted.

Machine learning models run by attackers can observe critical TTP (tactics, techniques and procedures) profiles and use them to build detection capabilities. By observing and predicting how TTP profiles are detected by security teams, adversaries can subtly and frequently modify indicators and behaviors to stay ahead of defenders who rely on these AI-based tools.

2) Poison AI with bad data

Attackers can use machine learning and AI to compromise defenders’ environments using inaccurate data to disrupt AI models. Security vendors depend on machine learning and AI models using correctly labeled data samples to build accurate and repeatable detection profiles. However there are three ways that attackers can poison the models:

• Use benign files that look like malware
• Create false positives out of patterns of behavior, and
• Introduce malicious files that AI training has labeled as safe.

3) Mapping existing AI models

Attackers map at a detailed level how AI models function and what they do. This allows them to disrupt machine learning operations and models actively during their cycles, tricking systems into favoring the attackers and their tactics. They can also evade known models altogether by subtly modifying data to avoid detection based on recognized patterns.

No doubt defending against AI cyber attacks is very difficult. AI is an equal opportunity player for the good and bad actors with technical security chops. Some ways to defend against threat actors armed with AI include:

• ensuring the accuracy of labels associated with data used in learning models,
• introducing adversarial techniques and tactics while modeling, and
• staying up to date with attackers’ tactics.

Conclusion

As AI-focused cybersecurity continues to advance, it’s crucial for security teams to adapt their defenses to stay ahead of attackers. AI-focused cybersecurity is not a cure-all for the labor shortage, but it greatly fortifies cyber defense’s speed of response. The attackers emboldened with their own AI know this. Staying ahead of them will be perhaps the challenge of the year…century…all time?

(published originally in the Gray Area)

Conclusion

As AI-focused cybersecurity continues to advance, it’s crucial for security teams to adapt their defenses to stay ahead of attackers. AI-focused cybersecurity is not a cure-all for the labor shortage, but it greatly fortifies cyber defense’s speed of response. The attackers emboldened with their own AI know this. Staying ahead of them will be perhaps the challenge of the day…year…century?