Automation and AI are enabling a surge in technological advances. Developments such as self-learning systems, autonomous supply chains, robotic surgery, facial recognition, self-driving cars, and intelligent customer service bots are just a few ways that AI and automation are dramatically changing our world.
New advances in technology often have downsides, however. In the case of AI and IT automation, one major downside is the fact that cyber criminals are rapidly learning to exploit vulnerabilities in these technologies.
Know your vulnerabilities
Those vulnerabilities are embedded in the very fabric of the Internet and modern computing, notes Carl Herberger, Radware’s Vice President of Global Security Solutions. During a recent discussion, Carl and I discussed how the following methods can be used to spread malware and enable cyber crime.
Attack of the APIs. APIs (application programming interfaces) are how just about everything on the Internet and cloud computing gets done. APIs let applications talk to each other, pass data, request services, provide services and automate processes.
Developers break down applications into separate services and then publish the functionality of their applications as Web APIs that can access files, data and services. APIs are integral to desktops, laptops, TVs, and IoT devices. Because they are so ubiquitous, and may not be secured, they offer attackers a potential resource for intercepting data and gaining access to critical systems.
Infected proxies. Herberger calls this the “Watering Hole” attack, since commonly used proxies – such as popular content sites, open source code repositories, or software update services – are passive destinations for thousands of potential victims.
Ironically, it’s even possible for hackers to compromise security update services so that customers unwittingly infect their computers when they update their security software. As Herberger notes, few IT departments bother to check these update services to see what’s being downloaded.
Bot armies. Networks of enslaved PCs and laptops, known as bots, have been doing hackers’ bidding for years. But now the combination of IoT and smart devices has created a much larger opportunity for hackers.
The security of many Internet devices is notoriously weak, and, at the same time, IoT devices are proliferating, making it easier for an attacker to assemble an army of bots. Mirai, the best-known example, was responsible for the 2016 attack on DNS provider Dyn, which brought down dozens of major web sites.
Automated spear phishing. Spear phishing is an email-spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information. Spear phishers convince specific targets, such as an IT administrator or highly placed official with access to sensitive data, to click on a link, which then may download malware that can enable the hacker to access that person’s accounts and, from there, expand into other systems.
AI makes it possible to automate spear phishing attacks by scouring available data on social media accounts and automatically crafting personalized emails, messages and Tweets.
John Seymour and Philip Tully, both data scientists at ZeroFox, noted at a 2015 Black Hat Conference that Twitter was an excellent medium for automated spear phishing attacks, given its bot-friendly API that makes it easier to scrape user data, and its colloquial syntax and shortened links that can help hide malicious payloads. Social media, in general, are especially prone to spear phishing because people are usually more trusting of other social media users and willing to share information. High profile targets often make a substantial amount of personal information available.
Turning the tables: Using AI to fight cyber crime
Clearly, AI developments present diverse security challenges to enterprises. At the same time, AI can offer significant benefits for developing sophisticated security measures capable of defeating hackers’ AI-powered attacks. The next stage of cyber security will depend heavily on AI, as security vendors incorporate the technology into their products and services to defend against AI-driven attacks.
As early adopters are discovering, there are myriad decisions that go into AI adoption and planning and understanding all the related details is critical to getting it right. Key questions include: What are the AI algorithms behind the decision-making processes? And what are the stumbling blocks that could be encountered because AI doesn’t learn and make decisions the same way humans do?
The success of security vendors and hosting providers will depend on their ability to create intelligent systems that can protect data from cyber-criminals. AI is a technology that we must invest in today to keep our data and networks secure in the future.
Paul Mazzucco is the chief security officer of TierPoint