Artificial Intelligence as the Next Host of Cyber Attacks, a Cybersecurity Research Firm Revealed

Artificial Intelligence is still crude as of this time, but it has already become both a blessing and a curse to the world. Through AI, companies, large and small, for-profit and non-profits are able to lessen their cost of maintaining IT systems. Automation enables a human operator to save time with processing a routine task, reaching their goals faster compared otherwise. The negative aspects of AI are the chance of rendering the system administration job a less demanding one, as more routine tasks are done by the former than a human sysadmin.

In the most recent research done by Darktrace, the world is not yet ready for the next evolution of a cyber attack. This attacks will all be automated, with a malicious AI being the central control system directing it. There is currently no working prototype of an AI-based attack today, but through the continuation of Moore’s law, it is only a matter of time before it becomes very feasible to develop.

“We expect AI-driven malware to start mimicking behavior that is usually attributed to human operators by leveraging contextualization. But we also anticipate the opposite; advanced human attacker groups utilizing AI-driven implants to improve their attacks and enable them to scale better,” explained Max Heinemeyer, Darktrace’s Threat Hunting Director.

The biggest threat brought about by a theoretical AI-based cyber attack is the non-commitment of some companies to secure their perimeter. The old EternalBlue exploit that was the central reason for the spread of the WannaCry ransomware last year is still actively being exploited. This means the Microsoft patch fixing the SMBv1 bug were ignored by some companies, probably due to huge dependence to legacy software, applying the patch will break a mission-critical software.

“Imagine a worm-style attack, like WannaCry, which, instead of relying on one form of lateral movement (e.g., the EternalBlue exploit), could understand the target environment and choose lateral movement techniques accordingly,” added Heinemeyer.

Like everything else in technology, AI is not immune to become the next thing to be weaponized. Just like the floppy disks and USB flash drives, two successful storage media that were used to spread malware before the Internet became mainstream, it is inevitable for cybercriminals to experiment for their next instrument to take advantage of.

“Instead of guessing during which times normal business operations are conducted, it will learn it. Rather than guessing if an environment is using mostly Windows machines or Linux machines, or if Twitter or Instagram would be a better channel […] it will be able to gain an understanding of what communication is dominant in the target’s network and blend in with it. The extrapolation of AI-driven attacks is entirely realistic. We see sophisticated characteristics in existing malware on the one hand — and narrow AI understanding context on-the-fly on the other. The combination of the two will mark a paradigm shift for the cybersecurity industry. Companies are already failing to combat advanced threats such as new strains of worming ransomware with legacy tools. Defensive cyber AI is the only chance to prepare for the next paradigm shift in the threat landscape when AI-driven malware becomes a reality,” the company added. “Once the genie is out of the bottle, it cannot be put back in again,” concluded Darktrace report.