Why AI holds the key to cyber security this year
Dubai: Hackers and security solutions providers are expected to deepen their artificial intelligence (AI) capabilities this year in a bid to see who wins the fight.
Hackers will automate attacks using AI while defenders will leverage it in mounting counter-attacks and identifying vulnerabilities.
Ramses Gallego, a strategist in the office of Symantec's chief technology officer, told Gulf News that attackers don't have to create very complex scripts or complicated engineering attacks. Instead, they will use things that are on our computers such as cloud features and functionalities, as well as the functionalities of operating systems and commercial software already installed.
Moreover, he said that security solutions providers will use AI to probe for open vulnerabilities in a bid to ramp up security.
Leveraging deep fakes
'Instead of building a phishing attack, scam or ransomware attack, the bad guys will use algorithms to trick people by creating an identical web page or an identical email from a company. AI could leverage deep fakes to make social engineering attacks even more sophisticated,' he said.
Before, hackers needed to create a company's logo to generate that authentic feel, he said. Now, they can create it using AI to make it look original. Moreover, he said that there are AI-powered attack tool kits available on the Dark Web to enhance their attacks while offering a wide range of options at the same time.
'The cost of an attack is so low these days and it gives hackers the ability to launch sophisticated targeted attacks with ease and they can attack energy plants, water distribution systems or the traffic systems of a city,' Gallego said. 'We saw it last year and it will happen this year also. There could be no financial motive or political goals behind these attacks but just to create turbulence. Combined with AI, it could be scary. The criminal organisations could be states, nations or [groups] sponsored by a set of lobbies,' he said.
Now, it all depends on who is creating the best AI to win this fight, he added. With fifth-generation cellular technology (5G) expected to be rolled out commercially, Gallego said the additional bandwidth when compared to 4G will catalyse new operational models, architectures and vulnerabilities.
5G will have a peak data download rate of 10Gbps compared to 4G's 1Gbps.
Gallego said hackers can steal data in transit as it moves from mobile to cloud or from the home to the enterprise. For example, he said that hackers can steal banking credentials and capture credit card numbers in transit once they have gained access to home routers and other IoT hubs by inserting malware into the same routers.
As the concept of home-based IoT devices gains traction, Gallego said it is plausible that some nations could attempt to weaponise them by, for example, shutting down home thermostats in an enemy nation during a harsh winter.
WiFi routers on their radar
'Home-based WiFi routers and other poorly secured consumer IoT devices will be on the radar of the bad guys and attackers will continue to focus on network-based enterprise attacks,' he said.
'As more 5G IoT devices enter the market, they'll connect directly to the 5G network, thus making the devices more vulnerable to direct attacks and DDoS [botnet-powered distributed denial of service] attacks. Critical infrastructure can be halted using DDoS attacks and still there is a massive gap between IT [information technology] and OT [operational technology],' he said.
IT systems are storage systems, computing technology, business applications and data analysis tools while OT systems consist of machinery equipment, assets monitoring systems and control systems.
'Engineers building energy plants are focused on functionalities, procedures and processes of the plant from an engineering perspective but unfortunately, very few are thinking about the security aspects. Attacks that leverage the supply chain will grow in frequency and impact,' he said.
Moreover, he said hackers can attack the providers of cameras or a motherboard manufacturer.
'We have seen that you can put a chip into a motherboard that opens a backdoor for hackers to steal data and attackers are implanting malware into otherwise legitimate software packages in order to distribute it quickly and surreptitiously to intended targets,' he said.
Symantec predicts that state-sponsored attacks will continue as a show of supremacy.
In a geopolitical world, he said that if country A is attacking country B, it will look like country B is attacking country C and while both country B and C are fighting each other, country A is free of any blame despite starting the attack.
Mohammad Abu Khater, vice-president for FireEye Middle East and Africa, said the nations that are on top of the list for state-sponsored attacks are Iran, Russia, North Korea and China. He added that their tactics keep changing.
'Russia will continue to conduct operations via social media and through more covert operations such as hacking and tactically leaking data in ways that may sow discord. We have seen that in the US elections,' he said.
He expects to see other emerging cyber nations come to the fore this year and the primary reason will be pressure to keep up with other nations in developing cyber-programmes matching the capability of a traditional military.
Abu Khater said that cyber threats from Iran targeting the US and its allies, including Gulf countries, are likely to increase drastically this year. Following the reimposing of sanctions against Iran by the US recently, after the US exited the Joint Comprehensive Plan of Action (JCPOA), he suspects that the Islamic republic could retaliate through cyber attacks.
'We noticed that some Iranian-nexus groups, which attacked the US banking sector using DDoS a few years ago, are re-emerging again to gain infrastructure access into some organisations in the US and outside,' he said.
Moreover, he said that less capable groups are emerging and supporting the Iranian government.