AI/ML-based attacks are on the rise

Traditional security defenses can no longer be effective in defending against today’s machine speed and complexity of cyber security attacks. The amount of data is simply too large to monitor manually.

To stay ahead of dangerous and targeted threats, security operations must leverage their security context. Traditional technology measures, which rely on assumption-based rules and static signatures, devoid of context are no longer satisfactory in the era of offensive technologies. These technologies are now weaponized with Artificial Intelligence (AI).

AI, despite its many benefits, is still vulnerable to cyber-attacks. It’s just another software🙂 ML and deep learning stacks, forming the core of modern AI, are riddled with many vulnerabilities. Adversary attack methods designed to exploit these vulnerabilities have already been developed and are widely proliferated.

The attacks I describe in this blog are predicted to become one of the major problems in SecOps. They are easy to conduct, exploit vulnerabilities, and are challenging to defend against. This combination makes managing ML-based vulnerabilities a complex issue, even when compared to other cybersecurity challenges.

ML vulnerabilities allow hackers to manipulate the system’s integrity (leading to errors), confidentiality (resulting in exfiltrations), and availability (causing system shutdowns). Real example: ML vulnerabilities often cannot be patched the same way traditional software can, leaving long-lasting gaps for adversaries to exploit. Some of these vulnerabilities require minimal or no access to the victim’s system or network, offering increased opportunities for attackers and reducing defenders’ ability to detect and respond to these attacks.

Adversaries constantly analyze defender security posture, practices, and tools. They are not confined to learning only your defense. In the dynamic competition between adversaries and defenders, defenders must adopt AI-backed offensive technologies for improved defenses.

AI is just a tool and should only assist security teams to understand and enforce “normal” baselining, enabling SecOPS to better defend with intelligence and swiftly disrupt threats or malicious behaviors without disrupting business operations.

On average, cyber security attacks can go undetected for less than 30 days, providing ample time for substantial damage., which we call attacker first mover advantage in the context. Adversaries are constantly evolving their TTPs and becoming harder to detect and have typically moved on, leaving untraceable breadcrumbs behind for IR and Forensic teams.

The offense-defense balance changes as machine learning systems reach different levels of model complexity. Some techniques may appear to be effective or ineffective initially but behave differently when applied to a security stack. To keep pace with evolving threats, ML-enabled security stacks will have to utilize their security context of their own.

Using AI for threat detection, pattern recognition, and anomaly detection is not a new concept. However, new security technologies are equipped with self-learning generative AI, ML capabilities, and automation. These platforms aim to detect threats before they occur, shifting the focus from threat detection to direct response.

While AI is not going to completely replace security professionals in the near future, it can enhance efficiency and provide better context. It does this by ML-enabled threat detection, analyzing data sets, continuously learning to identify anomalies, and identifying new attack patterns before attacks are weaponized.

In Summary

Artificial Intelligence (AI) plays a pivotal role in bolstering cybersecurity operations. It has become an indispensable tool for cyber security operations to stay a step ahead in the ever-evolving landscape of cyber threats. However, it’s worth noting that this advanced technology is also piquing the interest of adversaries who are always on the lookout for potential vulnerabilities to exploit.

As a security professional, I firmly believe that our collective efforts and collaboration are integral to fully harnessing the power of AI in our fight against cyber threats. We must not only focus on leveraging the benefits that AI technology can bring to our cybersecurity operations but also be vigilant about the risks associated with it.

It is paramount that we work together to ensure that we are effectively utilizing AI to its full potential, while simultaneously putting in place robust measures to mitigate the risks that could arise from threat actors. This dual approach will be key to maintaining a secure and resilient digital environment in this age of AI-powered cybersecurity operations.