AI vs AI: the next battle in the cyber race

In 1988, what is now considered "the world's first cyber attack" made headlines. It was the Morris worm, a personal malware project of Harvard graduate Robert Tappan Morris, that infected about 10% of the 60,000 computers online at the time, causing a seismic shift in attitudes toward computer security.

About the Author: Max Heinemeyer, Director of Threat Hunting, Darktrace.

Three decades later, cybersecurity is one of the biggest challenges of our time. Cybercrime has moved rapidly from an academic research project to a global marketplace for professional cybercrime services, and in the geopolitical realm, governments have turned to hyper-advanced cyber attack tools that can start in cyberspace and lead to physical damage and disruption of their opponents' critical IT infrastructure. As businesses, schools, hospitals, and every other element of the social fabric have embraced the Internet, cyber-attacks now rank among natural disasters and climate change on the World Economic Forum's annual list of the world's most serious threats.

New detection signatures

Over the years, hackers have consistently reinforced the old adage: "where there's a will, there's a way." While defenders have introduced new rules into their firewalls or developed new detection signatures based on attacks they've seen, hackers have constantly refocused their attack methodology to evade traditional defenses, leaving organizations to catch up and scramble for a plan B against an attack. A paradigm shift occurred in 2017 when the destructive WannaCry and NotPetya ransomware "worms" shocked the security world, bypassing traditional tools like firewalls to cripple thousands of organizations in 150 countries, including various NHS agencies. A crucial response to the onset of increasingly sophisticated and new attacks has been AI-based defenses, a development driven by the philosophy that information about yesterday's attacks cannot predict tomorrow's threats. Artificial intelligence has been used to understand what is "normal" for a digital environment and spot deviations as they emerge, signaling a move away from traditional defense approaches.

Next evolution

In recent years, thousands of organizations have relied on machine algorithms with the ability to respond at computer speed to rapid attacks. This active and defensive use of AI has fundamentally changed the role of security teams, freeing humans to focus on corporate communication and remediation plans to make the global environment more resilient going forward. In the next evolution of the attack landscape, hackers are now leveraging machine learning to deploy malicious algorithms that can continually adapt, learn, and improve to evade detection and signalling. This is the next paradigm shift in the cybersecurity landscape: AI-powered attacks. A recent Forrester study found that 88% of security professionals expect AI-based attacks to become commonplace; in what has already proven to be an era of hyper-change in cyber-attacks, it's just a matter of time.

Offensive AI

"Offensive AI" will exploit AI's ability to learn and adapt, ushering in a new era of attack where highly personalized, human-mimicking attacks are scalable and travel at machine speed. Offensive AI could land on a target's network and use the information it sees to direct an attack, automatically determining where the most valuable data is located. We're already seeing the early signs: AI-manipulated "fake" content designed to spread disinformation is an urgent concern for social media giants, and last year we saw a British energy company fall victim to a scam of €200,000 when a hacker used AI to impersonate the voice of a CEO in a phone call. Open source AI research projects, tools that could be used to supercharge each phase of the attack lifecycle, already exist today. Soon they will undoubtedly join the list of paid hacking services available for purchase on the dark web.

AI attacks

At Darktrace AI Labs, we have offensive AI prototypes that autonomously determine an organization's most prestigious targets based on their social media exposure, all within seconds. The AI then creates contextualized phishing emails and selects an appropriate sender to spoof and forward the emails, prompting victims to click a malicious link or open an attachment that will grant additional access to the targeted organization. We tested this prototype against our own defensive AI, mimicking what we expect to see happen soon in the real world: AI fighting AI in a battle of algorithms. Armed with this research, the defenders have time on their side. Defensive AI has been around for 7 years, enabling real-world organizations to understand their digital environments with machine-speed insight. Today, just under 4,000 organizations use AI every day in their daily fight against malicious attackers. Armed with more data, the defensive AI sees more. Powered by unsupervised machine learning, defensive AI has a complex understanding of every user and device on the network it protects, and uses this evolving understanding to detect subtle deviations that could be the hallmark of an emerging attack. With this "panoramic view" of digital activity, cyber AI will detect offensive AI as soon as it starts manipulating the data.

Machine versus machine

When an attacker AI makes noise, the defensive AI will make smart micro-decisions to block the activity; the offensive AI may well take advantage of its speed, but that's something the defensive AI will also bring to the arms race. Humans must retreat; it's a machine fight. When this major leap in attacker innovation inevitably occurs, investigation, response, and remediation must be carried out with the speed and insight of AI. Only AI can fight against AI. A new era of cyber defense is just beginning, but we have reason to be optimistic: it's a new phase of cyber warfare that defenders have long been armed for, ensuring that when the starting gun of the AI arms race fires, the good guys will be one step ahead.