Security leaders consider AI-charged cyber-attacks inevitable: survey
Friday, April 3, 2020
Organisations needed cyber-security defenses that cover everything from cloud to email to keep pace with AI-driven threats and respond with surgical precision and at machine speed to keep pace with AI-driven threats; and AI augmentation that can adapt to shifting threat vectors, as well as reduce time in detection and analysis, the survey respondents said.
However, these kinds of attacks have existed for several years already, Immuniweb founder and CEO Ilia Kolochenko told SC Media UK. It is just a vector to enhance, augment or accelerate existing types of widespread attacks, not a fundamentally new type or class of attack, he explained.
“Many cyber-gangs leverage machine learning to better profile the most susceptible victims, randomise and improve spear-phishing emails or drive-by-download web content to spread ransomware.”
Heinemeyer agrees, pointing towards the proliferation of AI-manipulated deepfakes.
“Offensive AI will be used to create realistic digital fakes designed to supercharge phishing campaigns. AI cuts out the hours of social network research and reconnaissance that today’s hackers conduct in order to launch a highly targeted attack – the AI attacker can do this in seconds,” he said.
Relatively new vectors are used to bypass existing security mechanisms (eg WAF or antifraud systems), accelerate application fuzzing or falsify someone’s voice in vishing attacks, Kolochenko noted.
“But we are still dealing with the very same security vulnerabilities exploited for over decade, ranging from different types of buffer overflows to SQL injections attacks. We are still very far from seeing a strong AI capable of creating and launching novel attacking techniques.” Read Full Article
Information Security Buzz: Zoom Is Just The Tip Of The Iceberg For Hackers – Expert Warn