The Dark Side of AI: How it’s Revolutionizing Cyberattacks

When buzzwords go bad

Unless you’ve been living under a rock your entire life, or you’ve just recently been thawed from ice—and I mean no offence if that’s the case; they can be very comfortable ways to live—then you’ve surely heard the latest two-letter buzzword: AI.

AI, or artificial intelligence, enables machines to understand their environment and use learning and intelligence to make decisions that maximize their chances of achieving defined goals. Recent years have seen AI’s ability to act as a virtual assistant, a translator, a vehicle operator, and even an artist, among countless other roles.

The short answer: AI is well on the way of doing a lot of the things we’ve been used to doing manually for years, but much faster and sometimes even better.

And now AI is in the hands of threat actors.

Cause …

Cyberattacks continue to grow in prevalence and sophistication, as seen in the increasing number of headlines from around the world. So too has the use of AI grown in helping carry out these attacks.

AI, and by extension machine learning, has empowered cybercriminals to launch attacks with unprecedented accuracy, speed, and at scales that were difficult to achieve solely by human hackers. For the sake of simplicity, this article will assume machine learning to be a subset of artificial intelligence and will conflate the two when referring to AI.

There are several characteristics of AI that make it exceptionally powerful when used to carry out cyberattacks:

• Streamlined Data Collection: The reconnaissance phase is crucial in any cyberattack, involving the search for targets, vulnerabilities, and valuable assets. AI can significantly speed up this process by automating much of the preliminary work, thereby reducing the time needed for research and enhancing the precision and thoroughness of the analysis
• Personalization: AI excels at data scraping, which involves collecting and analyzing information from public sources like social media and corporate websites. In the context of cyberattacks, this data can be used to craft highly personalized and timely messages, forming the basis for phishing and other social engineering attacks
• Targeted Attacks on Employees: Similar to attack personalization, AI can identify high-value targets within an organization. These individuals might have access to sensitive information, extensive system privileges, lower technological proficiency, or close relationships with other key targets
• Attack Automation: Traditionally, cyberattacks required extensive manual intervention from human attackers. However, the increasing availability of AI and generative AI tools is enabling adversaries to automate both the research and execution phases of attacks. This can lead to ease of entry for less sophisticated hackers as they can now access stronger attack capabilities without the same level of knowledge traditionally required
• Adaptive Learning: AI algorithms continuously learn and adapt. Just as these tools evolve to provide more accurate insights for legitimate users, they also help attackers refine their techniques and evade detection

These five characteristics help lay the foundation for truly dangerous cyberattacks, the kind that can be carried out much quicker and easier than before while potentially proving even more problematic than traditional attacks.

… And effect

With the inclusion of AI in their cybercrime toolbox, these dangerous individuals can greatly enhance how they attack targets or create entirely new forms of attacks. Some of these attack types augmented by AI include:

• Social Engineering: Cybercriminals employ various psychological manipulation techniques to deceive users into divulging their credentials, credit card information, and personal details. These tactics include phishing, baiting, vishing, pretexting, and compromising both personal and corporate emails. By leveraging generative AI, attackers can create phishing emails and fake websites that are highly personalized, convincing, and closely resemble legitimate sites. This makes it challenging for users to identify malicious emails, leading them to unwittingly provide their personal information. Additionally, AI can automate and scale the creation and distribution of these deceptive emails and content, increasing the speed and intensity of such attacks
• Malware: In the past, malware behaviour and properties were analyzed to develop signatures used by antivirus software and intrusion detection systems to identify and block malicious software. Nowadays, cybercriminals are using generative AI to create dynamic and rapidly evolving malware. This makes it difficult for traditional security tools to detect and counteract these ever-changing threats
• Deepfakes: Attackers utilize AI technology to craft deceptive and misleading campaigns by manipulating audio and visual content. By intercepting phone calls and using images and videos from social media, they can impersonate individuals and produce content designed to mislead or manipulate public opinion. AI enhances the realism and credibility of this fake content, making it appear legitimate. When combined with social engineering, extortion, and other schemes, these attacks can have devastating effects
• Brute Force Attacks: AI has advanced the tools and techniques used in brute force attacks, enabling cybercriminals to improve the algorithms used to crack passwords. This results in more accurate and faster password deciphering
• Automated Attacks: Malicious actors are increasingly using AI-powered bots to automate the detection of vulnerabilities in websites, systems, and networks. Once identified, these bots can further automate the exploitation of these weaknesses, allowing hackers to scale their attacks and inflict greater damage
• Cyber Espionage: Generative AI can automate the extraction and analysis of data from compromised networks, making it easier for cybercriminals to steal sensitive and confidential information
• Ransomware Attacks: Hackers can use AI to streamline the process of identifying vulnerabilities within a target organization’s network. They can then automate the exploitation of these weaknesses and the encryption of company files and folders. The attackers demand a ransom payment in exchange for the decryption key needed to recover the data. AI simplifies and accelerates this entire process, making it more efficient for cybercriminals
• IoT Attacks: Cybercriminals are using AI to bypass Intrusion Detection Systems and attack Internet of Things (IoT) networks. AI is employed to conduct input attacks, algorithm/data poisoning, fake data injection, and automated vulnerability detection using techniques like fuzzing and symbolic execution

Offensive AI risks like these are beginning to redefine enterprise cybersecurity, prompting those on the defensive side of things to figure out how to effectively combat them.

From offence to defence

There is still hope. While threat actors have certainly been getting their feet wet with AI’s potential to boost their attack power, cybersecurity vendors have been doing the same, implementing AI in their products and solutions to bolster defensive capabilities.

Join us next week when we explore the more positive side of AI and the role it can play in cybersecurity.

Until then, feel free to return to your rock or put yourself on ice—it may make the wait feel shorter!