BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Edit Story

The Rise Of The Intelligent Machine In Cybersecurity

Forbes Technology Council
POST WRITTEN BY
Bret Piatt

Protecting your data today means dealing with hacking attempts powered by machine learning (ML), the science of computers learning and acting like humans. These ML computer algorithms are based on an analytical model designed to collect data and adapt its processes and activities according to use and experience, getting “smarter” over time.

Hackers are also using these algorithms to automate time-consuming cyberattacks with hackbots, email phishing, and social media phishing. The U.S. intelligence community reports cybercriminals are even using stolen computing resources to eliminate the main costs of ML: central processing unit (CPU) time, graphics processing unit (GPU) time, data transfer and the electricity they all consume.     

Leading businesses already leverage ML algorithms to automate malware scanning and improve their cyber defenses. Many information technology (IT) professionals are experimenting with ML to see how it can improve business processes and increase productivity. What businesses must realize is that cybercriminals are taking the same approach to innovate their methods of attack. Both cyberattackers and defenders are looking to use artificial intelligence (AI) and ML to gain an advantage.

What Should We Expect As Hackers Start To Use AI For Reconnaissance?

Expect more targeted attacks using personally identifiable information about company leaders -- even in regard to lower-level employees -- because of ML. Public information about company leadership can make an email or social media phishing attack more convincing, especially as hackers automate data collection on a targeted company using ML to emulate both the timing of communications and writing style.

AI algorithms can now be trained to create spam email that resembles a legitimate message. Cybercriminals are using these techniques to execute sophisticated phishing attacks. We are no longer dealing with a “Nigerian Prince” asking you to facilitate an international wire transfer.

Black Hat research on Twitter-automated social spear phishing shows ML has increased the success of phishing attacks by at least 30% over traditional automated ones. If criminals can save time and effort by using ML to launch convincing phishing attempts, they will. According to the Black Hat report, hackers often mine Twitter content for personal data and use Twitter through its bot-friendly application programming interface (API).

To defend against phishing, email the sender of a questionable message a challenge-and-response question. Realize that hackers can analyze your message to respond in convincing ways. As smart chatbots learn to communicate better, this will become even more difficult. Alternatively, ask the sender through other channels about the message. Unless the attacker has compromised multiple accounts simultaneously, you will detect and thwart the attempt.

Does Your Company Have Critical Systems Protected Only By Username And Password?

Cybercriminals already leverage ML in brute-force attacks. A neural network -- a computer system modeled on the human brain and nervous system -- can create new texts using an extensive data set for training. Advanced hackers use neural networks and the database of 1.4 billion passwords from all breaches to improve their password guessing and allow access. Researchers at MIT modeled password guessing using neural networks and demonstrated this is possible.

First, everyone should change the default passwords on internet-connected devices with little or no security capabilities. After that, train users on a password policy that requires a unique password for every site that is both complex and long. The longer and more random, the stronger the password becomes, making brute-force attacks more difficult. Where at all possible, add multifactor authentication (MFA) to systems requiring both something you know, the password and something you have, such as a hardware key or PIN code-generating token.

When you cannot add MFA to a system, a password manager -- software that stores and manages passwords for online accounts -- allows you to improve password security by easily enabling the use of extremely long and complex unique passwords per system without reducing worker productivity. Users only need to remember a single complex, unique master password for your company’s password management software, which is also ideally protected by MFA.

How Are Hackers Using AI To Avoid Detection And Persist Their Compromise Of Systems?

Hackers are likely using ML to create malware and penetrate business systems with a specific training goal to remain undetected for as long as possible. In 2017, Chinese researchers created a generative adversarial network (GAN) algorithm that could evade machine learning-based security solutions. Cybercriminals also apply ML to smart botnets using a hivenet, a self-learning cluster of internet of things (IoT) compromised devices that share information and customize attacks. Hivenets can direct swarmbots based on what they learn during a cyberattack.

With malware, the best defense is to avoid initial infection by training users to never visit insecure sites, click on unfamiliar links or download unknown files. Then by adding ML to your security event and information management system (SIEM), the policy creation and learning for each enterprise system becomes automated. This significantly increases the productivity of a firm’s security analysts and focuses them on issues instead of tuning rule-sets. With defensive ML, organizations can close gaps in IoT security, improve monitoring of user behavior and, in best-case scenarios, predict and stop zero-day threats.  

Businesses Need To Stay Current On AI And Machine Learning

Since cybercriminal organizations control large numbers of computers, providing them with substantial resources to train and run AI-based attacks, law-abiding organizations are faced with the challenge of spending enough on their own or ending up vulnerable. One way to combat this is by joining an information sharing and analysis organization (ISAO) or an information sharing and analysis center (ISAC) through the National Council of ISACs. Each time an organization is attacked, it shares details of the attack and all other organizations can update their policies to stop it ahead of time.

As recently as last year, many were skeptical about AI emerging as a cybersecurity trend. Not only is offensive AI feasible, but it has become part of the cyber landscape. Businesses must remain proactive by monitoring critical IT systems and assets continually and enforcing best protection practices for all employees in their daily access and network activities.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?