Navigating the Dual Impact of AI in Cybersecurity

Artificial Intelligence (AI) is set to be the newest ally for many companies, but it’s also set to be the newest threat.

The realm of cybersecurity is undergoing a transformation, guided by the omnipresent force of Artificial Intelligence (AI). As we navigate this dynamic landscape, AI emerges as both the guardian of digital fortresses and the stealthy architect of cyber threats. In this exploration, we embark on a journey into the depths of AI's influence on cybersecurity, unveiling its multifaceted role and the intricate dance between defense and offense.

“What is AI’s emerging role in cybersecurity?”

AI's foray into cybersecurity is nothing short of revolutionary. At its core, AI harnesses the power of machine learning and natural language processing, becoming a possible linchpin that can fortify security measures or unleash sophisticated cyber attacks overwhelming organizations and their security practitioners. AI’s role is not clearly defined, but one thing is for certain: it’s giving both good guy and bad guy vibes. Imagine AI as the vigilant sentinel and the cunning infiltrator within the digital realm, shaping the cybersecurity narrative in extraordinary ways. Now imagine that AI and the models and mechanisms that support it are growing and evolving at unprecedented rates, creating a massively expanding footprint of potentially game changing use cases for both the defender and the attacker.

“What sorts of use cases are we currently seeing with AI?”

The enigmatic spectrum of AI-based cyber attacks is growing rapidly. AI is no longer thought of as a nebulous figure residing in a super-computer crunching numbers and cracking passwords. It’s alive in the wild and being used by people to facilitate all types of new attacks, even new approaches to some very old and common vectors that attackers have favored in the past.

While the use cases supporting attacks are growing, cyber sleuths and defenders are not resting on their laurels. New preventative, detective, and responsive measures are being designed leveraging the power of AI to combat and reduce the risk of both traditional and AI-based threats.

“How are the bad guys using AI?”

AI-Powered Phishing - The Art of Deception:

In the ever-evolving landscape of cyber threats, AI has donned the cloak of deception, being used by attackers to facilitate exceptionally clever and convincing AI-powered phishing attacks. Cybercriminals now orchestrate personalized phishing attacks, finely crafted through data analytics and social media scrubbing powered by AI. These digital doppelgängers are elusive, navigating through traditional defenses with unprecedented sophistication. Gone are the days of manually copying official-ish looking emails and / or creating a stockpile of templates that inevitably give some hint away that they are not quite legitimate. AI can now support on-the-fly generated phishing email development and payload content.

Real-World Intrigue:

Picture an email impersonating Netflix customer support personnel in an attempt to harvest victim credentials, crafted by AI so finely it is indistinguishable from a genuine email, down to the concerned and supportive tone of the AI “support representative.” Abnormal Security reports a significant rise in indications of AI-based or supported phishing attacks in their December 19, 2023 article. 

Adaptive Malware - A Shape-Shifting Nemesis:

Meet the shape-shifting nemesis… adaptive malware. Fueled by AI, this breed of malware dynamically alters its code and behavior, a perpetual game of cat and mouse with conventional detection methods. AI aids clever attackers in avoiding signature-based detection schemes that rely on static code and known signatures to identify traces of malware embedded in content or deployed on a system. AI can craft and package malware on the fly with different signatures and digests to avoid such remedial detection methods, or in the case of advanced polymorphic malware, AI embedded in malicious code can analyze the target system's vulnerabilities and adapt its behavior to evade detection, making it nearly undetectable even to heuristic and behavioral-based endpoint detection and response systems. Beyond that, AI-supported adaptive malware is making the discovery of persistent malware and forensic analysis all-the-more difficult as standard indicators of malware or infection change, leaving no identifiable patterns to easily determine type or origination of a malware-based breach.

Movie Fantasy Meets Reality:

Researchers at HYAS Infosec, Inc. recently built a proof-of-concept using a large language model AI (like ChatGPT) dubbed BlackMamba after the deadly snake. BlackMamba synthesized a polymorphic keylogger malware with the ability to alter its benign code (resembling a standard, high reputation API) in real-time to avoid endpoint detection and response engines. Additionally, the researchers eliminated the command and control requirements for the malware allowing it to automate execution and its own evasion responses. The results were frightening. The malware appears to be virtually undetectable by modern predictive security solutions, giving us a glimpse at how attackers may leverage this technology to evade the best detection tools money can buy.

“Will my passkey still work if I get a new device?”

Picture AI not just as a potential threat but as a stalwart ally on the cybersecurity battlefield. Practitioners and developers are working hand-in-hand to give the good guys a fighting chance and perhaps a leg up in securing and defending their organizations from high-powered threats. The prowess of AI-based cyber defense tools extend to (but certainly are not limited to as AI evolves further) some of the following:

AI-Powered Threat Detection

A digital Sherlock Holmes, AI detects sophisticated cyber threats that often elude traditional defenses.

• AI-based threat modeling systems can leverage AI to model threats in real time using a variety of inputs and data available from custom tailored threat intelligence feeds or your own internal system and security tool data feeds, providing high-confidence, tailored alerts and preempting unseen adversaries.

• AI-based detection systems use sophisticated algorithms to perform real-time data analysis from connected systems and networks to identify patterns that may indicate compromises or breaches. Where human-based systems require hands-on-keyboard, AI-based systems support truly continuous monitoring of environments for indicators of attack, enabling true 24x7 coverage, the earliest detection possible, and rapid response capabilities.

Automating Incident Response

The ticking clock in cybersecurity finds solace in AI, significantly reducing response times to threats. AI-driven systems allow Security Operations Centers (SOCs) and incident response functions to at least partially automate incident response processes, including triage, containment, mitigation, and recovery. IBM, who recently integrated AI into their QRadar Security Suite, estimated in a recent report that the integration of AI-based automation to their response suite has sped up alert investigation and triage by 55% in the first year, on average.

Identifying Zero-Days

AI takes on the role of a vigilant guardian, identifying zero-day exploits before they unravel into full-fledged threats. Similar to the AI-based threat detection systems discussed previously, the ability of AI to consume and construct advanced threat models and baselines of normal operating states as a basis for comparison affords AI-based detection systems the ability to identify zero-day exploits actively being exploited in the wild, and possibly before exploits occur. AI-based detection and response systems that are integrated with organizational configuration management, continuous integration/continuous delivery (CI/CD), and infrastructure as code systems can proactively remediate potential zero-day threats before exploit as they are reported through threat intelligence pipelines and feeds. Additionally, AI-based systems integrated into the aforementioned system development life cycle management tools can immediately respond to, contain, and eradicate active exploits by isolating affected components, containing the exploit or infection, and re-baselining it to remove any remnants of the exploit or exploitable conditions.

“What lies ahead?”

As we delve deeper into the AI cybersecurity saga, some pertinent ethical and privacy concerns do emerge as poignant subplots. As the narrative unfolds there are several considerations we as humans must consider as we move forward into the AI-enabled cybersecurity future:

• Ethical and Privacy Quandaries: The integration of AI raises ethical and privacy questions, challenging the boundaries of automated decision-making and data analysis.

• Manipulation and Counter-AI Strategies: A gripping plotline unfolds as AI systems face the risk of manipulation, sparking a relentless cybersecurity arms race. What happens if the underlying AI itself is compromised, or trained on alternative data sets and information that do not align with, for example, one set of humans’ interests versus another’s?

• Advancement in AI Technology: The grand finale beckons, hinting at a future where AI evolves into a more autonomous and sophisticated adversary, ally, or weapon. It's a call for continuous innovation in AI defenses and ethical frameworks, and a sound agreement on the boundaries we must create to ensure that these tools of our creation do not become the tools of our destruction.

“Where can I find more information?”

If you’re interested in learning more about the intersection of AI and cybersecurity, as an individual or an organization looking to protect yourselves from evolving threats, Hive Systems can help. Our team of cybersecurity experts can provide you with the information and tools you need to prepare yourself for the AI-enabled future.