The future of cyber security — pitting machine against machine
It’s been over 30 years since ‘the world’s first cyber-attack’ hit the headlines and cyber security has remained a persistent threat ever since. While the malware released in 1988 was a personal project of the Harvard graduate Robert Tappan Morris, cyber-crime has rapidly evolved from the world of academic research into a global marketplace of professional services. And as nation-states struggle for dominance, even governments have turned to hyper-advanced cyber-attack tools that can cause physical damage to their adversaries’ critical infrastructure.
The destructive potential of cyber-attacks must not be underestimated. In fact, cyber-crime is considered one of the greatest problems of our time. According to the World Economic Forum, cyber-attacks now stand alongside natural disasters and climate change as one of humanity’s top ten risks globally. And with businesses, schools, hospitals, and every other thread in the fabric of society having embraced technological innovations such as the internet, the ramifications of such attacks are widespread.
A crucial response to the onset of increasingly sophisticated and novel cyber-threats has been AI-powered defences, a development driven by the philosophy that information about yesterday’s attacks cannot predict tomorrow’s threats. AI has been leveraged to understand what is ‘normal’ for a digital environment and to detect deviations as they emerge, signalling a movement away from legacy approaches to cyber security.
In recent years, thousands of organisations have entrusted machine algorithms to react at computer-speed to fast-moving attacks. This active, defensive use of AI has changed the role of security teams fundamentally, freeing up humans to focus on business communication and remediation plans to make their overall digital environments more resilient in the future.
In what is the attack landscape’s next evolution, hackers are now taking advantage of AI themselves to deploy malicious algorithms that can adapt, learn, and continuously improve in order to evade detection, signalling a paradigm shift in the cyber security landscape: the advent of AI-powered attacks. A recent study by Forrester found that 88% of security professionals expect AI-driven attacks will become mainstream – it is only a matter of time.
‘Offensive AI’ will harness AI’s ability to learn and adapt, ushering in a new era of cyber-threats in which highly-customised and human-mimicking attacks are scalable – and these will happen at machine speed. Once deployed on a target’s network, the Offensive AI will use the information it sees to direct an attack, automatically working out where the most valuable data lies.
Organizations are already seeing the early signs of this. AI-manipulated ‘deepfake’ content designed to spread misinformation is a pressing concern for social media giants. Meanwhile, one UK energy firm was scammed out of £200,000 last year when a hacker used AI to impersonate a CEO’s voice in a phone call.
The reality is that the open-source AI research tools needed to supercharge every phase of the attack lifecycle already exist today. Soon, they will indubitably join the list of paid-for hacker services available for purchase on the dark web. And whereas a team of 15 cyber-criminals can manually run 2 in-depth operations simultaneously, AI will let them run 200 with the same manpower – and produce even better results.
At Darktrace’s AI labs, Cyber Analysts have been exploring what offensive AI might look. Developing prototypes that autonomously determine an organisation’s most high-profile targets based on their social media exposure, the offensive AI uses this knowledge to craft contextualised phishing emails and select a fitting sender to spoof – all in a matter of seconds.
The good news is that Darktrace’s defensive AI has proved more than capable of fighting back, with Darktrace Antigena autonomously neutralizing these AI-augmented attacks. Today, just under 4,000 organisations use defensive AI in their daily battle against malicious attackers.
Armed with more data, defensive AI sees more. Powered by unsupervised machine learning, Darktrace’s AI is equipped with a complex understanding of every user and device across an organization’s network. It uses this evolving understanding of ‘normal’ to detect subtle deviations that might be the hallmarks of an emerging attack.
With this ‘birds’ eye’ view of the digital business, cyber AI will spot offensive AI as soon as it emerges, with Darktrace Antigena making intelligent micro-decisions to surgically block malicious activity in real-time while allowing ordinary business operations to continue as normal. Offensive AI may well be leveraged for its speed and scale, but this is something that defensive AI also brings to the table.
It’s time for humans to step aside – this is a machine fight. When this major leap in attacker innovation inevitably occurs, investigation, response, and remediation must be conducted with the speed and intuition of AI. Only AI can fight AI.
A new age in cyber defence is just beginning, but organizations have some cause for optimism: this is a phase that defenders have long been arming themselves for, ensuring that when the AI arms race starting pistol sounds, the good guys will have a head start.
To find out more about defensive AI, visit Darktrace’s website here.
10 September 2020