The Artificial Intelligence Tug-of-War: Adversaries vs. Defenders
By Corey Nachreiner, CSO at WatchGuard Technologies
Artificial intelligence (AI) is playing an increasingly important role in cybersecurity. A recent Pulse Survey shows that 68% of senior executives say they are using tools that use AI technologies, and among those who are not yet using AI, 67% are considering adopting it. Going forward AI will be essential for cybersecurity in organizations given the number of benefits it can offer security teams. These include increased threat detection speed, predictive capabilities, error reduction, behavioral analytics and more. AI can also help reduce zero-day vulnerabilities where AI automates the discovery and patching of flaws.
AI in cybersecurity enables a system to process and interpret information more quickly and accurately, and in turn, use and adapt that knowledge. It has substantially improved information management processes and allowed companies to gain time – a critical component of the threat detection and remediation process. Additionally, today’s ML/AI is good at automating basic procedural security tasks. Often this can result in taking noisy security alerts, and removing the obvious false positives, or events that may not be serious, and only leaving the important things that humans need to validate.
But as the defenders grow more and more sophisticated in their use of AI, so are the adversaries. For example, attackers use it to automate the discovery and learning about targets. When ML is applied to social networks, it can help identify the most prolific users with the most reach, etc., and it can then help automate learning what those individual users care about. This type of automated investigation of public profiles can help attackers use AI to craft messages that will more likely appeal to that target. In short, AI can automate the research into human targets that was traditionally done manually, enabling hackers to quickly collect enough information about the targets to deliver very specific phishing messages.
In fact, recent research on this subject presented at Black Hat demonstrated that a typical, widespread phishing attempt will see about a 5% success rate. Layer on machine learning which uses knowledge about the targets to make the phishing attempts more accurate and believable, and hackers will see about a 30% success rate. This is nearly as much as they see in a highly specified, targeted spear-phishing attempt.
Another example is with self-driving cars. A car using ML algorithms to make decisions could see a stop sign that has a sticker intentionally placed on it by a bad actor as perhaps a 45-mph sign. Imagine the disaster there!
With AI/ML being used more and more by both the good guys and the bad guys, it’s become a true cat and mouse game. As quickly as a defender finds a flaw, an attacker exploits it. And with ML this happens at line speed. But there is work being done to address this. For example, at DEFCON 24 DARPA created the Cyber Grand Challenge which placed machine versus machine in order to develop automatic defense systems that can discover, prove, and correct software flaws in real-time.
Outside of that, to address this the first place to start for companies is security awareness training. Teach employees how to recognize phishing and spear-phishing attempts. Understanding the problem is a big step in addressing it. Additionally, employ threat intelligence that sinkholes bad links, so even if they are clicked on, they get quarantined and don’t cause harm. While this tug-of-war will likely go on indefinitely, we can continue to take steps to help the good side gain a little more muscle.
About the Author
Corey Nachreiner is the CSO of WatchGuard Technologies. A front-line cybersecurity expert for nearly two decades, Corey regularly contributes to security publications and speaks internationally at leading industry trade shows like RSA. He has written thousands of security alerts and educational articles and is the primary contributor to the Secplicity Community, which provides daily videos and content on the latest security threats, news and best practices. A Certified Information Systems Security Professional (CISSP), Corey enjoys “modding” any technical gizmo he can get his hands on and considers himself a hacker in the old sense of the word.
Corey can be reached online at https://www.linkedin.com/in/corey-nachreiner-a710ba1/ and at our company website https://www.watchguard.com/