Cyber Security Evolution: AI as a Tool for Attack and Defence

June 28, 2023

Cyber security has become one of the critical issues for organisations and businesses in today's digital age. As the number of cyberattacks and the sophistication of the techniques used by threat actors increases, the need to ensure effective defence has become more important than ever.

In relation to this casuistry, Artificial Intelligence (AI) has emerged as a powerful tool where organisations and their different teams can rely on to automate tasks in the field of cyber security.

This article explains the evolution of both attackers and defenders in the use of AI to strengthen their attack strategies and protect their systems.

The evolution of the attackers

Cyber attackers have been quick to take advantage of the benefits offered by Artificial Intelligence to enhance their capabilities and evade organisations' defences.

AI has enabled attackers to automate and scale their attacks more effectively, either by generating more sophisticated phishing or vishing attacks (a phishing scam that occurs through a phone call or voice message using a synthetic voice) or automating tasks such as scanning an organisation's exposed perimeter, exploiting vulnerabilities in real time, and chaining the execution of different exploits based on the vulnerabilities found.

Here is an example of a Google Assistance AI call, shown at Google I/O 2018 (yes, 5 years ago), where it interacts with another person on the other end of the phone, without them realising they were talking to a synthetic voice from an autonomous system.

Here is a free tool to create synthetic voices that even allows voice cloning, although this option requires a fee.

One of the most common uses of AI by attackers is the creation of "autonomous attacks" (not automatic, this is old-school). Using machine learning algorithms, attackers train these systems to automatically identify, scan and exploit vulnerabilities in the targeted infrastructure.

One of the most common uses of AI by cybercriminals is the creation of "autonomous attacks" that make their own decisions to achieve their goal.

These enable attacks to be carried out in a continuous, large-scale, and automated manner, without intervention of the attackers, which represents a significant and constant threat to corporate security and the security of all users.

Attackers can generate malicious traffic that looks legitimate, or generate malware based on this technology that evades defence systems and changes its behaviour and code.

The evolution of defenders

Given the increasing sophistication of attacks, corporations and their cyber security teams have also embraced artificial intelligence to strengthen their cyber security strategies. AI has become a valuable ally in early threat detection and rapid response to cybersecurity incidents.

One of the most notable applications of AI in cyber defence is anomaly detection. AI systems can analyse large amounts of data in real time and detect unusual patterns that could indicate an attack in progress.

In addition, through the use of machine learning algorithms, defence systems can continuously improve their ability to recognise and block new threats more quickly and effectively.

One of the most notable applications of AI in cybersecurity is the detection of anomalies or suspicious activities that may reveal attempts or attacks.

One of the examples where AI is used is in IDS (intrusion detection system) and IPS (intrusion prevention system) systems.

Another area where AI has proven useful is in automating responses to security incidents. Security teams can employ AI systems to quickly analyse and assess threats and take immediate action to contain and mitigate attacks.

This significantly reduces response time and enables a more effective defence against ongoing attacks. Evolved SOAR (security orchestration, automation, and response) systems, in addition to creating operator-created automations, are also including AI as a source of data to create new automations based on events received seconds ago.

And you, who do you think will win this automated battle, the good guys or the bad guys? Who will train and exploit their AI best?

Artificial Intelligence, ChatGPT, and Cyber Security

Featured image: vecstock in Freepik.