Bad AI vs. good AI
Will we soon see criminal AI-driven threats waging war with AI cybersecurity systems? It seems such a scenario is moving off the pages of a Hollywood script and into reality, because AI-based security developments serve a dual use – one for good, one for bad.
The World Economic Forum (WEF) says that although AI systems were originally developed to crack down on cyberthreats, their low-cost, scalable, automated and anonymous nature provide exactly the toolset criminals are looking for. The WEF suggests that malicious use of AI will soon be more commonplace, with hackers using it to optimize approaches that avoid detection or create content that is indistinguishable from that made by humans in phishing or social engineering attacks.
The issue is so worrying that a number of academic institutions, including The Future of Humanity Institute, Oxford University and Cambridge University, recently published recommendations for handling the dual-use nature of AI, urging developers and engineers working in the space to exercise vigilance and caution in their work.
Even though enterprises are becoming better at staying on top of threats, the next line in the cybersecurity battlefield has already been drawn by the emergence of polymorphic malware – the type that constantly mutates and thereby can fool systems that rely on recognizing a static signature.
Gartner says that enterprises spend 90% of their security budget on prevention and 10 percent on detection. A growth in polymorphic threats may upend this figure because the malware code mutates each time it runs, effectively multiplying the opportunity for bad actors while confounding each attempt to nullify it.
New software is emerging that scrutinizes not just the threat signature, but moreover, the behavior of the threat and uses this as another data metric to help early detection and remediation.
First Cryptojacking, now Formjacking
2018 may well be the year where Cryptojacking reached a peak, perhaps because the value of the cryptocurrencies themselves hit a high and have since declined. Accordingly, hackers plan to move to sunnier climes with Formjacking, where credit card forms (hence the name) are stolen direct from a web site just after a customer enters their details.
The big problem with Formjacking is that it's almost impossible for the user to identify the threat and respond before money has been stolen.
Unlike keylogging, where every keystroke is stolen in real-time before it is registered in the form, Formjacking steals complete credit card information direct from the form without triggering keylogging detection software. It thereby circumnavigates a long-standing fix and makes away with credentials that are then auctioned on the Dark Web. These stolen details are then typically plugged back into retail web sites to buy goods and then resell them online through well-respected sites in order to launder the proceeds.
Formjacking is doubly concerning because it takes relatively little effort to execute. According to Stacksol, it took only one hacker, who used only 22 lines of code, to modify scripts running on a major airline web site. The attacker reportedly stole 380,000 credit card details, netting over £13 million in the process.
Crimeware as a Service (CaaS)
Hackers are increasingly buying ready-made security exploitation kits, bought on the black market, to target enterprises in a worryingly efficient manner. Crimeware as a Service is emerging as a problem because hackers who have been in the business for a number of years are selling their knowledge and toolsets to the next generation who lack experience but are looking for an easy score.
In fact, CaaS is beginning to develop into a thriving marketplace, with subscription services and competitive pricing available to would-be bad actors. This dynamic is resulting in an increase in attacks, which have yielded the most return versus outlay for the hacker and has seen many wanna-be hackers recruited into the ecosystem – increasing the risk for enterprises already struggling to keep up.
At its worst, so far, CaaS can reportedly cause destruction so severe that entire IT hardware replacements are the only answer.
Living off the Land attacks
As an adjunct to highly targeted individual application or system attacks, one of 2019's growing worries is for malicious users to infest regular operating system features or legitimate administration commands and lie low in order to wreak longer-term havoc, hiding in plain sight.
That's the idea of so-called Living-off-the-Land (LotL) attacks, where hackers look for less-risky, longer-term gains rather than short-term attack blitzes. LotL threats are a concern because hackers can blend into a host of regular network commands and processes, and even if a threat is detected, it's harder to attribute it and therefore remediate it among a number of similar benign network activity peaks.
A good example of an LotL threat is a PowerShell attack, which leverages the task-based command-line shell and scripting language built on .NET, to gain privileged access to the enterprise IT system. This type of attack increased by 1,000 percent last year, according to Symantec.
What to get ahead of the curve to anticipate threats before they happen? Check out our Threat Intelligence services.
I've been writing about technology for nearly 20 years, including editing industry magazines Connect and Communications International. In 2002 I co-founded Futurity Media with Anthony Plewes. My focus in Futurity Media is in emerging technologies, social media and future gazing. As a graduate of philosophy & science, I have studied futurology & foresight to the post-grad level.