TitanHQ Blog
Using AI for Cybersecurity Increases the Odds Against Persistent Threats
Posted by Geraldine Hunt on Tue, Nov 17th, 2020
Cybercriminals always seem to have the enterprise on the back foot. Every sector across all industries deals with a continuous onslaught of cyber-attacks, to the extent that protecting an organization can become overwhelming. The Covid-19 pandemic and the remote working that followed have only exacerbated this situation. In March and April 2020, security vendor Kaspersky found a 400% increase in cyber-attacks targeting remote desktops. Email scams too have prospered during the pandemic, with a 667% increase in Covid-19-related email scams in March. Automation is behind many cyber-attacks, oiling the wheels of the attack method and making mitigation harder. As cybercriminals up their game and use more sophisticated and novel techniques to steal and plunder data and systems, what tools can help an organization fight back?
Many modern cyber-attacks are carried out using automation and some are even starting to take advantage of artificial intelligence (AI). Many of these attacks carry malware that persists within a system and is difficult to detect and eradicate (Advanced Persistent Threat, APT). Recent examples show the smarter elements of modern cyber-threats.
APT Sophistication in Q3 2020
Kaspersky researchers have identified that the latest series of APT threats have become increasingly novel in character. One of the new tactics harks back to an older method known as ‘steganography’. This technique uses obfuscation to hide malware inside otherwise legitimate-looking data. In this case, the malware was hidden in a legitimate Microsoft Defender executable. This can make malware extremely difficult to detect. The conclusion is that “defenders need to invest resources in hunting malicious activity in new, possibly legitimate environments that were scrutinized less in the past”.
Dunkin Donuts' DD Perks program and credential stuffing automated attack
Loyalty card fraud is a growing issue. The reason? Loyalty programs contain lucrative rewards and points as well as personal data; this makes them attractive to cybercriminals. Account takeover using a technique called ‘credential stuffing’ is an issue for any company offering a rewards program. In the Dunkin Donuts attack, hackers used credentials stolen through techniques such as phishing and malicious websites. The fraudsters then used automation tools, such as Snipr, to try these credentials en masse against existing accounts. Automation has made attacks like these much easier and more lucrative.
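The defensive side of what the paragraph describes is telling a credential-stuffing run apart from ordinary brute force in the login logs. The script below is an added example (not TitanHQ's or Dunkin's code) over a constructed log in an assumed format (`<ISO timestamp> <source IP> <username> <LOGIN_OK|LOGIN_FAIL>`). Stuffing tries one stolen password per account against many accounts, so the signal is many distinct usernames failing from one source in a short window, the opposite shape from one account absorbing many passwords; the example also lists the accounts that succeeded from a stuffing source, which are the reused-password victims that need a reset rather than just an IP block.

```python
"""Credential-stuffing detection over authentication logs (added example).

Log format is an assumption: "<ISO timestamp> <source IP> <username> <LOGIN_OK|LOGIN_FAIL>".
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, not real traffic. 203.0.113.7 sprays stolen
# credentials across seven accounts and gets one hit (erin); 198.51.100.9
# hammers a single account; 192.0.2.44 is a user who mistyped once.
SAMPLE_LOG = """\
2020-11-17T09:00:01 203.0.113.7 alice LOGIN_FAIL
2020-11-17T09:00:02 203.0.113.7 bob LOGIN_FAIL
2020-11-17T09:00:02 203.0.113.7 carol LOGIN_FAIL
2020-11-17T09:00:03 203.0.113.7 dave LOGIN_FAIL
2020-11-17T09:00:03 203.0.113.7 erin LOGIN_OK
2020-11-17T09:00:04 203.0.113.7 frank LOGIN_FAIL
2020-11-17T09:00:05 203.0.113.7 grace LOGIN_FAIL
2020-11-17T09:00:10 198.51.100.9 alice LOGIN_FAIL
2020-11-17T09:00:20 198.51.100.9 alice LOGIN_FAIL
2020-11-17T09:00:30 198.51.100.9 alice LOGIN_FAIL
2020-11-17T09:00:40 198.51.100.9 alice LOGIN_FAIL
2020-11-17T09:00:50 198.51.100.9 alice LOGIN_FAIL
2020-11-17T09:01:00 198.51.100.9 alice LOGIN_FAIL
2020-11-17T09:05:00 192.0.2.44 bob LOGIN_FAIL
2020-11-17T09:05:09 192.0.2.44 bob LOGIN_OK
"""


def parse_log(text):
    """Turn raw lines into (timestamp, ip, user, outcome) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, outcome = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, outcome))
    return events


def classify_sources(events, window=timedelta(minutes=5), min_users=5, min_fails=5):
    """Label each source IP whose failures inside a sliding `window` look like
    credential stuffing (>= min_users distinct accounts) or, failing that,
    brute force (>= min_fails attempts concentrated on few accounts)."""
    fails = defaultdict(list)
    for ts, ip, user, outcome in events:
        if outcome == "LOGIN_FAIL":
            fails[ip].append((ts, user))
    labels = {}
    for ip, attempts in fails.items():
        attempts.sort()
        lo = 0
        for hi in range(len(attempts)):
            # Shrink the window from the left until it spans at most `window`.
            while attempts[hi][0] - attempts[lo][0] > window:
                lo += 1
            span = attempts[lo:hi + 1]
            users = {u for _, u in span}
            if len(users) >= min_users:
                labels[ip] = "credential_stuffing"
                break
            if len(span) >= min_fails:
                labels[ip] = "brute_force"
                break
    return labels


def compromised_accounts(events, labels=None):
    """Accounts that logged in successfully from a stuffing source. These are
    the password-reuse victims to force-reset; blocking the IP alone achieves
    little because stuffing tools rotate sources."""
    if labels is None:
        labels = classify_sources(events)
    stuffing_ips = {ip for ip, label in labels.items() if label == "credential_stuffing"}
    return {user for _, ip, user, outcome in events
            if ip in stuffing_ips and outcome == "LOGIN_OK"}


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    print(classify_sources(events))
    print("force a reset on:", compromised_accounts(events))
```

The thresholds (five distinct accounts or five failures within five minutes) are illustrative; a production rule would be tuned against the site's normal failed-login rate and would also key on user-agent and session fingerprints, since a stuffing tool distributes across many IPs.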
Business Email Compromise, AI, and deepfakes
Business Email Compromise (BEC) allows fraudsters to trick companies out of large amounts of money. In 2019, there was an estimated cost to business of $1.77 billion in stolen funds because of BEC fraud. Now, BEC fraud may be augmented by the use of deepfake technology, based on AI-generated video and audio. One of the most infamous deepfakes involved a fake video of Mark Zuckerberg of Facebook. This technology is becoming more common, with 14,698 deepfake online videos found by researchers at DeepTrace in 2019, double the number found in 2018. This AI-based technology is finding its way into cyber-attacks, many initiated using tactics including spear-phishing emails.
In 2019, an alleged deepfake-instigated BEC attack was recorded. A British CEO was tricked into transferring $240,000 to a fraudster, who allegedly used deepfake technology to create a spoof voice of the company’s head. During a call with the fake head, the CEO was asked to “urgently transfer” an amount of money, with the money ending up in the fraudster’s bank account.
This last example is the most concerning, as it merges AI automation with social engineering.
AI and Analytics to the rescue
If cybercriminals are using smart technologies such as AI to propagate attacks, then we need to respond smartly: what is “sauce for the goose is sauce for the gander”. AI and its subset, machine learning (ML), both offer a powerful way to mitigate threats.
Cybercriminals use AI and automation to turn tried and trusted attack vectors into hyper-charged weapons. If cybercriminals can use AI to boost existing forms of cyber-attack, then by the same token organizations can also use these technologies to fight back.
AI and ML, coupled with advanced analytics, can be used to thwart cyber-attacks, including those based on automation. Some examples of cybersecurity AI for good include:
Smart Web Filtering
Cybercriminals place malicious content on websites and then use social engineering to lure employees to those sites. These sites can be very difficult to detect, and 78% of them trick users by appearing to be secure sites. An AI-powered, cloud-based DNS web filtering solution provides protection from online threats, including malware, ransomware, and phishing. AI-enabled web filtering solutions use automation and advanced analytics to search through billions of URLs/IPs and phishing sites that could compromise a company. The WebTitan DNS filtering solution provides AI-powered protection against active and emerging phishing URLs, including ‘Zero-Minute’ threats.
Smart Email Filtering and Scanning
Email is the weapon of choice of the cybercriminal as it offers the perfect conduit into the heart of an organization. Typically, a mix of social engineering and malicious links is the modus operandi of this cyber-attack method. However, malicious attachments can also cause malware infection; the Verizon Data Breach Investigations Report (DBIR) for 2020 found that 20% of malware attacks are initiated using email attachments.
A mix of machine learning and behavioral analysis technologies can help detect suspicious emails and isolate them, preventing them from reaching user inboxes. Some technologies go even further by placing these malicious emails and attachments in safe sandboxes to trick cybercriminals into thinking they have reached their target. This also gives the administrator an opportunity for review. Advanced email security solutions like SpamTitan use a combination of blacklists of known malicious IPs, email header and content scanning, link analysis, anti-virus scans, sandboxing, SPF, DKIM, and DMARC to detect and block email impersonation attacks, and apply AI and machine learning techniques to identify zero-day phishing attacks.
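Of the controls listed above, DMARC is the one that ties SPF and DKIM to the From: address a user actually sees, which is what makes it useful against impersonation. The following is an added example, not SpamTitan's implementation: it takes SPF and DKIM results that are assumed to have been computed upstream (DNS lookups and signature verification are out of scope) and applies DMARC's alignment rules to reach a verdict. The `example.com` record is constructed, and the organizational domain is approximated as the last two labels, so it does not handle `co.uk`-style suffixes the way a Public Suffix List lookup would.

```python
"""DMARC alignment evaluation for an inbound message (added example)."""

# Constructed DMARC TXT record for the hypothetical domain example.com:
# reject on failure, strict DKIM alignment, relaxed SPF alignment.
POLICY_TXT = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-reports@example.com"


def parse_dmarc_record(txt):
    """Split a 'tag=value; tag=value' record into a dict of lowercase tags."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def org_domain(domain):
    # Simplification: organizational domain = last two labels (no PSL lookup).
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain, auth_domain, mode):
    """Strict ('s') alignment needs an exact match; relaxed ('r') accepts any
    host under the same organizational domain."""
    a = from_domain.lower().rstrip(".")
    b = auth_domain.lower().rstrip(".")
    if mode == "s":
        return a == b
    return org_domain(a) == org_domain(b)


def evaluate_dmarc(from_domain, spf_result, spf_domain, dkim_result, dkim_domain, policy):
    """Return (verdict, disposition).

    DMARC passes when SPF or DKIM passed AND that passing identifier aligns
    with the visible From: domain. A message whose SPF/DKIM pass only for some
    unrelated sending domain, the typical impersonation pattern, fails and
    inherits the record's p= disposition.
    """
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, policy.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(from_domain, dkim_domain, policy.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass", "none"
    return "fail", policy.get("p", "none")


if __name__ == "__main__":
    policy = parse_dmarc_record(POLICY_TXT)
    # From: claims example.com but SPF and DKIM authenticate a different domain.
    print(evaluate_dmarc("example.com", "pass", "bulk-sender.example",
                         "pass", "bulk-sender.example", policy))
    # Legitimate mail relayed via a subdomain: relaxed SPF alignment accepts it.
    print(evaluate_dmarc("example.com", "pass", "mail.example.com",
                         "none", "", policy))
```

The third scenario worth checking is a DKIM signature from `mail.example.com` under strict `adkim=s`: it verifies but does not align, so without an aligned SPF pass the message still fails. That is the kind of misconfiguration that makes legitimate mail get rejected when a domain moves to `p=reject` without reading its aggregate reports first.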
Whatever method is used to exploit email, an organization has to be able to filter these malicious emails out before they get to a user's inbox. But the modern enterprise has to deal with massive numbers of emails. Even smaller organizations are inundated with spam emails. The Radicati report predicts that by 2023, there will be 347 billion emails sent and received each day. First-generation email filtering systems have been circumvented by cybercriminals and no longer work effectively at this level of mass email. The use of machine learning in email filtering and scanning has come to the rescue. The technique offers a “crowd-sourced” way to spot malicious content. Smart email filtering solutions use real data to train a machine learning algorithm; this data is updated on-the-fly, and the more email the system sees, the more accurate the response. Some systems are even more advanced, using continuous sampling and human supervisors to train supervised machine learning systems and adjust or tune the efficiency, accuracy, and overall effectiveness of the malicious detection systems.
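To make the "train on labelled data, update on-the-fly" idea concrete, here is an added example (not SpamTitan's model) of the simplest supervised filter that behaves that way: a multinomial naive Bayes classifier over message tokens. The eight training messages are constructed, not real mail. Because the model is nothing more than per-class token counts, each newly labelled message (for instance one a human reviewer pulled out of the sandbox queue) is absorbed by a single `train()` call with no retraining pass, which is what "updated on-the-fly" amounts to.

```python
"""Incrementally trained naive Bayes phishing filter (added example)."""
import math
import re
from collections import Counter

# URL alternative first so a link is consumed whole rather than split at ':'.
TOKEN_RE = re.compile(r"https?://\S+|[a-z0-9']+")


def tokenize(text):
    """Lowercase word tokens; every link collapses to one '<url>' feature so
    the model learns 'contains a link' instead of memorising individual hosts."""
    return ["<url>" if t.startswith("http") else t for t in TOKEN_RE.findall(text.lower())]


class NaiveBayesFilter:
    def __init__(self, alpha=1.0):
        self.alpha = alpha                       # Laplace smoothing for unseen tokens
        self.doc_counts = Counter()              # label -> messages seen
        self.word_counts = {"phish": Counter(), "ham": Counter()}
        self.vocab = set()

    def train(self, text, label):
        """One labelled message in, counts updated; callable at any time."""
        self.doc_counts[label] += 1
        for tok in tokenize(text):
            self.word_counts[label][tok] += 1
            self.vocab.add(tok)

    def _log_score(self, tokens, label):
        if self.doc_counts[label] == 0:
            return float("-inf")
        score = math.log(self.doc_counts[label] / sum(self.doc_counts.values()))
        denom = sum(self.word_counts[label].values()) + self.alpha * len(self.vocab)
        for tok in tokens:
            score += math.log((self.word_counts[label][tok] + self.alpha) / denom)
        return score

    def phish_probability(self, text):
        tokens = tokenize(text)
        lp = self._log_score(tokens, "phish")
        lh = self._log_score(tokens, "ham")
        diff = lh - lp                            # log-odds of ham over phish
        if diff > 700:                            # avoid exp() overflow
            return 0.0
        return 1.0 / (1.0 + math.exp(diff))

    def classify(self, text, threshold=0.5):
        return "phish" if self.phish_probability(text) >= threshold else "ham"


# Constructed training set (not real mail).
TRAINING = [
    ("Urgent: your account has been suspended. Verify your password at http://login-secure.example to restore access.", "phish"),
    ("Final notice: confirm your password now or your mailbox will be closed http://mail-verify.example", "phish"),
    ("Your invoice payment failed, update your billing password here http://pay-update.example", "phish"),
    ("Security alert: unusual sign-in. Verify your account immediately http://acct-check.example", "phish"),
    ("Hi team, the sprint review is moved to Thursday at 3pm. Agenda attached.", "ham"),
    ("Thanks for the update, I'll merge the pull request after lunch.", "ham"),
    ("Reminder: the quarterly report draft is due Friday, see the shared folder.", "ham"),
    ("Lunch on Tuesday? The new place near the office has good reviews.", "ham"),
]


def build_filter():
    """Train a fresh filter on the constructed set."""
    f = NaiveBayesFilter()
    for text, label in TRAINING:
        f.train(text, label)
    return f


if __name__ == "__main__":
    f = build_filter()
    msg = "Your account will be suspended unless you verify your password at http://reset-now.example"
    print(f.classify(msg), round(f.phish_probability(msg), 3))
    print(f.classify("Can we move the review meeting to Thursday afternoon?"))
```

Eight messages are far too few for a real deployment; the point is the shape of the pipeline. The `threshold` argument is where the human-in-the-loop tuning the post mentions would act: raising it trades missed phish for fewer quarantined legitimate messages, and the reviewer's verdicts on the borderline cases feed straight back into `train()`.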
AI bringing balance to the cybersecurity struggle
Cybercriminals are forever looking for novel ways to commit cyber-attacks. However, they often come back to the use of email as this acts as a highway straight into the center of an enterprise. As organizations fight back, so cybercriminals and hackers modify their tactics to circumvent cybersecurity measures. AI provides the means to take advantage of our data-saturated world and use that data to create more proactive cybersecurity systems. By turning to advanced and smart systems that use AI, ML, and advanced analytics, an enterprise can beat the cybercriminal at their own game.
Talk to us today about WebTitan's AI-Powered Protection Against Active and Emerging Phishing URLs, including Zero-Minute Threats.