What Are State-Sponsored Cyber Attacks and Do They Use AI?

AI technology has been widely used by hackers sponsored by major state actors.

Artificial intelligence has played a very important role in modern cyber attacks. Although AI technology has been very important in creating safeguards to stop these attacks, it has also been used to make these attacks even more vicious. Many hackers are using both social engineering and AI to exploit targets more effectively.

A number of countries have engaged in cyber attacks against each other. Russia has conducted many cyber attacks against its adversaries. You can find numerous examples of this, such as the hacking attempts that it conducted against the United States during the 2016 Presidential Election.

Russia isn’t alone in sponsoring cyber attacks. The United States government has been responsible for conducting these types of attacks as well. The Indian government has also engaged in AI-driven hacking attempts through the use of Pegasus software against journalists.

All of these countries have found that AI has been effective in making these attacks more formidable. They will continue investing in AI technology to execute more vicious attacks.

AI Makes Hackers More Worthy Adversaries to Cybersecurity Professionals

Hacking and hackers have been part of popular culture for a long time. Although laughable and at most amusing two decades ago, hackers are currently an entirely different animal that requires an entirely new metaphorical cage to be kept at bay (and a whole arsenal of serious tools to boot). They are using AI tools to study their targets and better circumvent their security.

The stark contrast in hacking ability and sophistication between the beginning of the new millennium and now is as evident as day and night, and it puts concerned expressions on the faces of top industry experts on a daily basis. This is not only about the newfound sophistication and technical prowess that modern hackers possess with AI tools at their fingertips, but about the consequent global threat that arises from these facts. To be more specific, hackers and hacking are taken very seriously nowadays, as opposed to the lightweight hacking milieu of yesteryear. There are different levels of hackers out there, ranging from the run-of-the-mill phishing/vishing/smishing fraudster (simple social engineering scams with a good return on investment) to the far more formidable individuals and groups that are state-sponsored. Average fraudsters and scammers pale in comparison to these state-sponsored beasts using AI technology to achieve their goals. Today, such individuals and groups are backed by the world’s most powerful nations with terrifying AI-based tools, which means that they have access to unlimited resources. This also means that the most skilled individuals are picked out for specific, targeted tasks and can devastate and break the thickest, toughest walls put before them without breaking much of a sweat.

Another way to refer to hackers, perhaps more correctly and appropriately, is as cybercriminals. Hacking today is no longer considered a gimmick, as cybercriminals are running amok. The resulting cybercrime (such as the fraud mentioned above) is straining almost every imaginable industry and testing the limits of cybersecurity on every front. As these individuals and groups exploit new developments in processing power, technological advancements, and the new era of high-speed on-the-go internet, new global threats appear by the day that can cause serious harm not only in the digital realm but also in the real world. As the world’s top institutions and critical infrastructures digitally transform and reap the benefits of better, more efficient workflows thanks to modern cyberspace, cybercrime threats have also gained the ability to transcend into the physical. This is why it is critical to have knowledge of the most serious threats that have arisen for exactly the reasons listed above, known as APTs or Advanced Persistent Threats.

The Most Dangerous and Severe Hackers

By far the most severe level of hacking is known in the industry as an Advanced Persistent Threat. These threats result in theft of intellectual property and confidential data, website takeover or destruction, and finally complete sabotage and espionage operations. APT attacks (i.e., campaigns) have resulted in the most serious form of data breaches, known as Zero-Day exploits, those that can sometimes remain undetected for years even by the world’s most advanced intelligence agencies. APT attacks are most often invisible, have multiple vectors, and exploit all possible attack surfaces.

What is an APT?

APTs are highly detailed, organized, AI-driven cybercrime attacks that are planned in advance by actors (individuals or, most commonly, groups) supported by nation-states. So far, the most damaging APT attacks have been found to originate from powerful nation-states such as Russia and China. APTs are commonly politically or financially motivated, given their high-profile nature. An APT attack can be distinguished by the fact that it bypasses detection tools, originates from a nation-state, utilizes cutting-edge hacking tools and methods, and targets a high-tier or large institution or organization. In most cases, APT attacks result in devastating consequences on a global scale.

Real Examples of APT Attacks that Rely on AI

Below are some of the most devastating examples of APT attacks that used AI:

  • In 2020, cybersecurity firm FireEye discovered a supply chain attack with the SUNBURST backdoor that breached IT system management specialist SolarWinds’ security product, causing chaos for several high-profile clients and even putting the national defenses of the United States at risk. AI was used to make this attack more effective than ever.
  • A notorious worm named Stuxnet, developed with AI algorithms, was used to breach Iran’s nuclear program, causing disruptions to uranium storage. The worm targeted SCADA (industrial Supervisory Control and Data Acquisition) systems, and operators were unaware of what was taking place.
  • APT actors by the name of Panda and APT28/34/37 have over the years conducted attacks against military organizations, defense contractors, and governments, compromising millions of sensitive records. The attacks utilized targeted spear-phishing campaigns, worms, and never-before-seen types of sophisticated malware that exploited dangerous system vulnerabilities and effectively put national and global security at risk. This wouldn’t have been possible without the latest AI technology.

How to Protect Yourself And Your Business Against APTs

Now that we know just how severe APT cybercrime is, it is critical to know how to apply proper cybersecurity to mitigate these attacks as well as possible. Below is a list of several protection and detection measures against the severest form of cybercrime, the APT attack:

  • Because most APT attacks benefit from email traps that utilize phishing, it is critical that emails are filtered and malicious links are blocked to stop breach attempts. You need to appreciate the way that hackers use AI to execute these attacks.
  • While AI tools can be dangerous in the hands of hackers, AI can also be useful for cybersecurity experts trying to thwart these criminals. APT attacks exploit vulnerable endpoints, meaning that endpoint detection and response, tuned for as few false positives as possible, must be used with AI tools to identify and react to APT actors promptly.
  • Any individual or business must understand that access control is vital for cybersecurity. Access control measures such as very strong and complex passwords, authentication measures, and stringent monitoring/management of user accounts and user activity can mitigate some APT risks.
  • Understanding that unusual process handle requests are a common behavioral pattern of an APT intrusion, and adjusting for that, can effectively block some APT processes.
  • Finally, monitoring incoming and outgoing traffic in an enterprise system in real time will help identify any anomalies and prevent the lateral movement of APT actors within a system if they are successful with a Zero-Day exploit.
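As an added example that is not part of the article, the following Python sketch turns the last bullet (real-time traffic monitoring for anomalies and lateral movement) into two concrete checks over constructed network-flow records: hosts that suddenly open admin-port sessions to internal peers they never talked to before, and outbound connections repeating at a near-constant interval (beaconing). It assumes 10.0.0.0/8 is the internal range and that the port set and thresholds are tuned for the environment.

```python
# Added example (not the article's code): flag lateral movement and beaconing in flow records.
from collections import defaultdict
ADMIN_PORTS = {22, 445, 3389, 5985}  # SSH, SMB, RDP, WinRM

def is_internal(ip):
    """Assumption: the enterprise uses 10.0.0.0/8 internally."""
    return ip.startswith("10.")

def build_baseline(flows):
    """(src, dst, port) triples seen between internal hosts during a known-good window."""
    return {(s, d, p) for _, s, d, p, _ in flows if is_internal(s) and is_internal(d)}

def find_lateral_movement(flows, baseline, min_new_hosts=3):
    """Hosts opening never-before-seen admin-port sessions to several internal peers."""
    new_peers = defaultdict(set)
    for _, s, d, p, _ in flows:
        if is_internal(s) and is_internal(d) and p in ADMIN_PORTS and (s, d, p) not in baseline:
            new_peers[s].add(d)
    return {s: sorted(d) for s, d in new_peers.items() if len(d) >= min_new_hosts}

def find_beaconing(flows, min_conns=6, max_jitter=2):
    """Outbound (src, dst) pairs contacted at a near-constant interval, a C2 tell."""
    times = defaultdict(list)
    for ts, s, d, _, _ in flows:
        if is_internal(s) and not is_internal(d):
            times[(s, d)].append(ts)
    hits = []
    for (s, d), ts in times.items():
        ts.sort()
        if len(ts) < min_conns:
            continue
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        if max(gaps) - min(gaps) <= max_jitter:
            hits.append((s, d, round(sum(gaps) / len(gaps))))
    return hits

# Constructed flows: (timestamp_s, src, dst, dst_port, bytes); 203.0.113.0/24 is a
# documentation range standing in for the internet.
BASELINE_FLOWS = [
    (0, "10.0.1.20", "10.0.0.5", 445, 4096), (10, "10.0.1.21", "10.0.0.5", 445, 2048),
    (20, "10.0.1.20", "10.0.0.9", 443, 900), (30, "10.0.1.20", "203.0.113.50", 443, 5000),
]
TODAY_FLOWS = [
    (100, "10.0.1.20", "10.0.0.5", 445, 4096),    # routine file-server access
    (105, "10.0.1.20", "10.0.1.22", 445, 1200),   # new SMB session to a peer workstation
    (110, "10.0.1.20", "10.0.1.23", 3389, 3000),  # new RDP session
    (115, "10.0.1.20", "10.0.1.24", 5985, 800),   # new WinRM session
    (120, "10.0.1.21", "10.0.0.5", 445, 2048),    # routine
    (130, "10.0.1.21", "203.0.113.50", 443, 7000), (190, "10.0.1.21", "203.0.113.50", 443, 300),
] + [(t, "10.0.1.20", "203.0.113.7", 443, 512) for t in (200, 260, 321, 380, 441, 500)]
```

Both checks flag the same workstation here, which is the kind of correlation an analyst would escalate; real deployments would feed NetFlow or firewall logs instead of the inline list.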

An APT attack will not just affect organizations, institutions, and businesses but will put ordinary individuals’ data security and privacy at risk due to the far-reaching nature of such an attack. Some key concepts to take away from the suggestions above are that regular password renewal, utilizing VPNs (Virtual Private Networks), tough firewalls, managed security solutions, and combing through every layer of system (and device) security are essential to avoid breaches. We live in times where extremely strict security (sometimes at the expense of efficiency and frugality) must be applied, especially when it comes to systems that hold critical data. The future of cybercrime is going to be chock full of social engineering scams such as phishing and spear-phishing (as this simple technique still works). Still, severe blackmail and ransom operations are going to be leveraged with ransomware. Finally, Zero-Day exploits will continue to hit the world, transcending the cyber-physical realm, unless extremely strict measures such as Zero-Trust policies are implemented immediately all over the world.

AI Technology is a Weapon in the Hands of State-Sponsored Hackers

State-sponsored hacking attempts are more common than ever. AI technology has made these criminals more dangerous. Fortunately, AI can also be a defense against them if leveraged properly.

Kayla Matthews
Kayla Matthews has been writing about smart tech, big data and AI for five years. Her work has appeared on VICE, VentureBeat, The Week and Houzz. To read more posts from Kayla, please support her tech blog, Productivity Bytes.