AI-Powered Cyberattacks: Hackers Are Weaponizing Artificial Intelligence

The changes that AI is bringing to the cybersecurity industry are too serious to ignore.
ai is a dangerous weapon in the hands of hackers
Shutterstock Photo License - NicoElNino

There is no denying the fact that AI is transforming the cybersecurity industry. A double-edged sword, artificial intelligence can be employed both as a security solution and a weapon by hackers. As AI enters the mainstream, there is much misinformation and confusion regarding its capabilities and potential threats. Dystopian scenarios of all-knowing machines taking over the world and destroying humanity abound in popular culture. However, many people recognize the potential benefits that AI may bring us through the advances and insights it can deliver.

Computer systems capable of learning, reasoning, and acting are still in the early stages. Machine learning needs massive amounts of data. When applied to real-world systems like autonomous vehicles, this technology combines complex algorithms, robotics, and physical sensors. While deployment is streamlined for businesses, providing AI with access to data and granting it any amount of autonomy raises significant concerns.

AI is Changing the Nature of Cybersecurity for Better or Worse

Artificial intelligence (AI) has been widely used in cybersecurity solutions, but hackers also use it to create sophisticated malware and carry out cyberattacks.

In an era of hyper-connectivity, where data is viewed as the most valuable asset a company has, the cybersecurity industry diversifies. There are a lot of AI-driven cybersecurity trends that industry experts must be aware of.

By 2023, cybersecurity is expected to be worth $248 billion, mainly owing to the growth of cyber threats that require increasingly complex and precise countermeasures.

There is a lot of money to be made from cyber crime these days. With the plethora of available resources, even those without technical expertise can engage in it. Exploit kits of varying levels of sophistication are available for purchase, ranging from a few hundred dollars to tens of thousands. According to Business Insider, a hacker might generate roughly $85,000 every month.

This is a hugely profitable and accessible pastime, so it’s not going away anytime soon. Moreover, cyberattacks are expected to become harder to detect, more frequent, and more sophisticated in the future, putting all of our connected devices at risk.

Businesses, of course, face substantial losses in terms of data loss, revenue loss, heavy fines, and the possibility of having their operations shut down.

As a result, the cybersecurity market is expected to expand, with suppliers offering a diverse array of solutions. Unfortunately, it’s a never-ending battle, with their solutions only as effective as the next generation of malware.

Emerging technologies, including AI, will continue to play a significant part in this battle. Hackers can take advantage of AI advances and use them for cyberattacks like DDoS attacks, MITM attacks, and DNS tunneling.

For example, let’s take CAPTCHA, a technology that has been available for decades to protect against credential stuffing by challenging non-human bots to read distorted text. A few years ago, a Google study discovered that machine learning-based optical character recognition (OCR) technology could handle 99.8 percent of bots’ difficulties with CAPTCHA.

Criminals are also employing artificial intelligence to hack passwords more quickly. Deep learning can help accelerate brute force attacks. For example, research trained neural networks with millions of leaked passwords, resulting in a 26% success rate when generating new passwords.

The black market for cybercrime tools and services provides an opportunity for AI to increase efficiency and profitability.

The most severe fear about AI’s application in malware is that emerging strains will learn from detection events. If a malware strain could figure out what caused it to be detected, the same action or characteristic may be avoided the next time.

Automated malware developers may, for example, rewrite a worm’s code if it was the cause of its compromise. Likewise, randomness might be added to foil pattern-matching rules if specific characteristics of behavior caused it to be discovered.

Ransomware

The effectiveness of ransomware depends on how quickly it can spread in a network system. Cybercriminals are already leveraging AI for this purpose. For example, they employ artificial intelligence to see the reactions of the firewalls and locate open ports that the security team has neglected.

There are numerous instances in which firewall policies in the same company clash, and AI is an excellent tool for taking advantage of this vulnerability. Many of the recent breaches have used artificial intelligence to circumvent firewall restrictions.

Other attacks are AI-powered, given their scale and sophistication. AI is embedded into exploit kits sold in on the black market. It’s a very lucrative strategy for cybercriminals, and the ransomware SDKs are loaded with AI technology.

Automated Attacks

Hackers are also employing artificial intelligence and machine learning to automate attacks on corporate networks. For example, cybercriminals can use AI and ML to build malware to detect vulnerabilities and determine which payload to use to exploit them.

This implies malware can avoid detection by not having to communicate with command and control servers. Instead of employing the usual slower, scattershot strategy that can warn a victim that they are under attack, attacks can be laser-focused.

Fuzzing

Attackers also use AI to uncover new software weaknesses. Fuzzing tools are already available to help legitimate software developers and penetration testers protect their programs and systems, but as is often the case, whatever tools the good guys use, the bad guys can exploit.

AI and associated systems are becoming more common in the global economy, and the criminal underworld follows suit. Moreover, the source code, data sets, and methodologies used to develop and maintain these robust capabilities are all publicly available, so cybercriminals with a financial incentive to take advantage of them will concentrate their efforts here.

When it comes to detecting malicious automation, data centers must adopt a zero-trust strategy.

Phishing

Employees have become adept at identifying phishing emails, particularly those sent in mass, but AI allows attackers to personalize each email for each recipient.

That’s where we’re seeing the severe first weaponization of machine learning algorithms. This includes reading an employee’s social media posts or, in the instance of attackers who have previously gained access to a network, reading all of the employee’s communications.

Attackers can also use AI to insert themselves into ongoing email exchanges. An email that is part of a current conversation instantly sounds genuine. Email thread hijacking is a powerful strategy for getting into a system and spreading malware from one device to another.

Dmitry Garbar
Dmitry Garbar is a partner and department head at Belitsoft. He has been working in IT for over 12 years, first as a developer, then - in management roles. He specializes in Financial, Healthcare, Telecommunications and other data-sensitive domains.