The following blog is based on a presentation the CEO of CyberFortress recently delivered at TechConnect Live, Ireland’s largest business and technology exhibition.
Cybercrime is at an all-time high, and ransomware has emerged as one of the most pervasive, and disastrous, threats. Every 11 seconds, another business experiences a ransomware attack, according to current research from Veeam. Successful cybercrime strikes can paralyze an organization, harming not only its sensitive company data, but also its bottom line and reputation. Even companies that reluctantly fork over the ransom aren’t guaranteed a full data recovery. Victims that pay up have a one-in-three chance that they won’t get back all their company data.
Hackers manage to penetrate defenses by targeting vulnerabilities such as missed upgrades and software patches. Increasingly, they’re using artificial intelligence (AI), machine learning (ML) and deep learning (DL) to power their attacks. This trend has serious implications for data protection in general and backups in particular. It’s worth digging a little deeper into AI, ML and DL to understand how cybercriminals are weaponizing these technologies and learn how to defend against these cybersecurity threats.
The Tech and Tools Involved
AI is a general term that refers to any machine or software that completes tasks that would ordinarily require human intelligence. At the outset, tic-tac-toe programs were considered a form of AI, but those days are long gone. Today, AI is usually applied to much more challenging tasks like natural language processing (NLP) or beating a professional Go player. AI is typically very good at doing narrow tasks, but it requires a lot of training even for those.
Machine learning is a subset of AI that can adapt and improve, typically with a bit of human help. It’s often used for image and voice recognition, understanding text and NLP. This technology enables everything from virtual assistants such as Siri to chatbots, and from streaming services’ video recommendations to spam filters.
Deep learning is a subset of ML. It uses a multi-layered neural network to mimic the way human minds learn, and it does so without human intervention. One of the early applications of ML was AlphaGo, which made history by beating a Go world champion in a tournament. Deep learning is used in autonomous vehicles, popularly known as self-driving cars, which rely on it to collect and analyze data, make decisions and perform actions a human driver would normally handle.
Applications of AI in Cyberattacks
While AI powers many invaluable, worthwhile advances, it also helps cybercriminals do their work more efficiently. Hackers use AI primarily to get inside an organization’s network. They generally do that through “social engineering” or, more specifically, an automated version of it. Previously, a human being would have to research targets and somehow trick them into revealing credentials or taking actions that would give the hackers access to the network. Now, however, hackbots can impersonate human beings and reach out to targets via SMS or instant message and on Internet forums, which have become one of hackers’ most trusted tools when performing AI cyberattacks on businesses.
Spear phishing is one of the strategies bad actors employ. The AI collects and correlates information on a target to create a credible email. For example, a spear phishing AI might learn from the web that I was scheduled to give a talk in Dublin on Sept. 13. It would then create an email that appears to be from me, asking someone in my organization to take a specific action while I was at the Dublin conference. That action would allow ransomware to infiltrate the network.
Social Media Phishing
Social media phishing is another criminal application for AI. An AI-powered social media profile entices readers to click malicious links. For example, a hacker could reach out through Facebook Messenger or create a fake Instagram page to trick users into providing log-in information. Once AI captures their credentials, hackers can take over the victim’s accounts, see if the credentials work for financial accounts, network with their friends and so on.
AI Network Scanners
In addition to social engineering, hackers rely on AI network scanners. They can either cast a wide net, trolling the Internet, or zero in on an organization to probe a specific network. These scanners continually look for known vulnerabilities (the previously mentioned upgrades or unpatched software) that a hacker can exploit.
These AIs use ML techniques to discover vulnerabilities in software, both commercial and open source. Such discoveries make it very easy for hackers to execute zero-day vulnerability attacks before the software is patched. Google’s Project Zero detected 18 exploited zero-day vulnerabilities in the first half of 2022, half of them related to known ones that were not fully patched.
What This Means for Cybersecurity
With company cybersecurity threats increasing in number and severity, security awareness is more crucial than ever. There are several steps organizations should take to combat the growing danger.
Mandate security training: Every user is a potential chink in the armor, so require all employees to undergo security training. In fact, a 2021 survey showed that more than half (56%) of employees received no cybersecurity training within the last year.
Training programs vary greatly, so research the options. Look for a quality program with demonstrated effectiveness. This is critical, so don’t let price be the top deciding factor. A good program tests with lifelike scenarios so employees can better recognize threats when they encounter them. For example, at CyberFortress, we create realistic phishing emails from company officers and send them to employees. This gives them an idea of what the threat looks like and helps them learn how to handle it.
Passwords are generally the first line of defense, but those generated by users are often too weak or simple, or are reused or shared with others. Best practices require system-generated passwords combined with a good password manager, supplemented by multi-factor authentication.
With hackers constantly probing for vulnerabilities, fixing holes in your systems every 30 days isn’t enough. Develop a program for rapid patch deployment to address vulnerabilities ASAP.
Back up strategically: Comprehensive backup is the key to recovery. Almost all attackers try to destroy or encrypt backup repositories so victims can’t recover without paying up. To avoid that, encrypt your backups to protect sensitive data and make backups read-only so they can’t be encrypted by malicious code during ransomware attacks.
Design the system for rapid recovery: Backups do you little good if it takes 60 days to recover from a ransomware attack. The disruption to operations and financial losses during that time could easily outweigh the price of the ransom. Don’t wait for disaster to hit to see if your recovery strategy is effective. Test the system to make sure it works as expected.
The experiences of big companies like Colonial Pipeline underscore these points. Even though the company had backups, they paid the ransom. They realized that recovery would have taken too long and caused far more financial damage than paying the ransom to get up and running more quickly.
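The read-only and recovery-testing advice above can be exercised with a short drill. This is an added example, not CyberFortress code; the manifest format (file name mapped to SHA-256), the sample file names and the 60-second recovery target are assumptions, and the permission check assumes a POSIX file system.

```python
import hashlib, os, shutil, stat, tempfile, time
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def audit_backup(repo, manifest, rto_seconds):
    """Return findings for a backup directory; an empty list means the drill passed."""
    findings, repo = [], Path(repo)
    # Read-only check. Mode bits are a baseline; WORM/object lock resists a stolen owner account.
    for name in manifest:
        p = repo / name
        if not p.is_file():
            findings.append(f"missing: {name}")
        elif p.stat().st_mode & (stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"writable: {name}")
    # Restore drill: copy each file to scratch space, verify its hash, time the run.
    start = time.monotonic()
    with tempfile.TemporaryDirectory() as scratch:
        for name, expected in manifest.items():
            if not (repo / name).is_file():
                continue
            dst = Path(scratch, name)
            dst.parent.mkdir(parents=True, exist_ok=True)
            shutil.copyfile(repo / name, dst)
            if sha256_file(dst) != expected:
                findings.append(f"hash mismatch: {name}")
    if (elapsed := time.monotonic() - start) > rto_seconds:
        findings.append(f"restore took {elapsed:.1f}s, over target {rto_seconds}s")
    return findings

def demo():
    # Constructed sample repository (hypothetical file names and contents).
    with tempfile.TemporaryDirectory() as repo:
        manifest = {}
        for name, data in (("db.bak", b"orders"), ("hr.bak", b"payroll"), ("web.bak", b"site")):
            Path(repo, name).write_bytes(data)
            manifest[name] = hashlib.sha256(data).hexdigest()
            os.chmod(Path(repo, name), 0o444)
        os.chmod(Path(repo, "hr.bak"), 0o644)  # misconfigured: left writable
        manifest["web.bak"] = hashlib.sha256(b"site v1").hexdigest()  # file changed since manifest
        return audit_backup(repo, manifest, rto_seconds=60)

if __name__ == "__main__":
    print(demo())
```

Keep the manifest somewhere the backup host cannot write to, so that an attacker who alters the backups cannot also alter the expected hashes.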
Companies Need to Be Proactive
Threats are growing more sophisticated thanks to AI- and ML-powered attacks. Organizations must take them seriously and institute good cybersecurity practices to defend against them. CyberFortress can help by providing secure, rapid data recovery solutions.
Interested in learning more? Check out this video of Bret’s recent presentation at TechConnect in Dublin!