Stewart Baines: AI vs. AI And The New Cybersecurity Threats

Stewart paints a picture of increased cybersecurity risks as AI hacking becomes mainstream, with polymorphic malware, formjacking, Living off the Land (LotL) intrusion and Crimeware as a Service (CaaS) all increasing.

By Stewart Baines

The rapidly evolving nature of cybercrime means that there are now a host of new threats for enterprises to consider. They’ve been designed by malicious actors to counter existing security precautions or to strike new areas of weakness. Since knowledge is power, here’s a first look at the dangers that enterprises could soon face.

Bad AI vs. good AI

Will we soon see criminal AI-driven threats waging war with AI cybersecurity systems? It seems such a scenario is moving off the pages of a Hollywood script and into reality, because AI-based security developments serve a dual use – one for good, one for bad.

The World Economic Forum (WEF) says that although AI systems were originally developed to crack down on cyberthreats, their low-cost, scalable, automated and anonymous nature provides exactly the toolset criminals are looking for. The WEF suggests that malicious use of AI will soon be more commonplace, with hackers using it to optimize approaches that avoid detection or to create content for phishing and social engineering attacks that is indistinguishable from content made by humans.

Polymorphic malware

Even though enterprises are becoming better at staying on top of threats, the next line in the cybersecurity battlefield has already been drawn by the emergence of polymorphic malware – the type that constantly mutates and thereby can fool systems that rely on recognizing a static signature.

Gartner says that enterprises spend 90 percent of their security budget on prevention and 10 percent on detection. A growth in polymorphic threats may upend this split because the malware code mutates each time it runs, effectively multiplying the opportunity for bad actors while confounding each attempt to nullify it.

First Cryptojacking, now Formjacking

2018 may well be the year in which Cryptojacking reached a peak, perhaps because the value of the cryptocurrencies themselves hit a high and has since declined. Accordingly, hackers plan to move to sunnier climes with Formjacking, where credit card form data (hence the name) is stolen directly from a website just after a customer enters their details.

The big problem with Formjacking is that it’s almost impossible for the user to identify the threat and respond before money has been stolen.

Crimeware as a Service (CaaS)

Hackers are increasingly buying ready-made exploitation kits on the black market to target enterprises in a worryingly efficient manner. Crimeware as a Service is emerging as a problem because hackers who have been in the business for a number of years are selling their knowledge and toolsets to the next generation, who lack experience but are looking for an easy score.

In fact, CaaS is beginning to develop into a thriving marketplace, with subscription services and competitive pricing available to would-be bad actors. This dynamic is resulting in an increase in attacks that have yielded the most return versus outlay for the hacker, and it has seen many wannabe hackers recruited into the ecosystem, increasing the risk for enterprises already struggling to keep up.

Living off the Land attacks

As an adjunct to highly targeted attacks on individual applications or systems, one of 2019’s growing worries is that malicious users will hide within regular operating system features or legitimate administration commands and lie low in order to wreak longer-term havoc, hiding in plain sight.

That’s the idea of so-called Living-off-the-Land (LotL) attacks, where hackers look for less-risky, longer-term gains rather than short-term attack blitzes. LotL threats are a concern because hackers can blend into a host of regular network commands and processes, and even if a threat is detected, it’s harder to attribute it and therefore remediate it among a number of similar benign network activity peaks.

Read the original article at www.pressreleasepoint.com

Stewart Baines has been writing about technology for nearly 20 years, including editing industry magazines Connect and Communications International. In 2002 he co-founded Futurity Media with Anthony Plewes. His focus in Futurity Media is in emerging technologies, social media and future gazing. As a graduate of philosophy & science, he has studied futurology & foresight to the post-grad level.
