Black Hat: AI as an Attack Method

Tuesday, August 1, 2017 @ 12:08 PM gHale


Survey respondents see more attacks using artificial intelligence against targets in the next year.

Artificial intelligence (AI) will end up used for cyberattacks in the coming year, new research found.

Artificial intelligence is the latest and greatest technology hitting the industry these days and it was clear at Black Hat USA 2017 there are plenty of organizations offering solutions. Between the countless booths plastered with the promises of AI, machine learning, and automation, and various sessions focused on the use of these technologies for active defense, it was clear the industry has high expectations for intelligent solutions. However, the rise of AI comes with its own drawbacks.

RELATED STORIES
Black Hat: Flaws in Radiation Monitors
Black Hat: Human Side of Grid Attack
Black Hat: Security Needs to Change
Summit: Security Needs Hands on Training

During the conference, security provider Cylance surveyed 100 attendees on various topics being discussed at the show – from criminals using AI as a tool to the impact the impact nation-states are having on the U.S.

The following are findings from the survey:

Criminals Will Likely Use AI for Offensive Purposes In the Next 12 Months: 62 percent of respondents believe there is a high possibility that AI will end up used by hackers for offensive purposes. While AI may be the best hope for slowing the tide of cyberattacks and breaches, it may also create more advanced attacker tactics in the short-term.

Increasingly automated cyberattacks won’t slow the adoption of AI for defensive purposes. In fact, as cybercriminals and nation-states begin using AI to increase the rate of attacks, the need for smarter solutions that can help human security teams keep up will only become more apparent.

Shutdown of Dark Web Markets Won’t Slow Ransomware Activity: In light of the recent takedown of AlphaBay and Hansa, two dark web markets known for selling malware strains, Cylance asked respondents to weigh in on whether these law enforcement initiatives would result in a decrease in ransomware attacks.

Nearly 4 in 5 respondents (79 percent) said taking down marketplaces on the dark web will have no impact on the frequency of this attack form.

OS Patching and Updating Is Top Concern: Within their own organizations, respondents are still concerned primarily with OS patching and updating (39 percent) and compliance issues (24 percent), followed by ransomware (18 percent), triaging alerts (10 percent) and identity and DoS attacks (8 percent).
 
In terms of what keeps them up at night, more than 1 in 3 (36 percent) are primarily concerned with phishing and 33 percent reported attacks on critical infrastructure as their top worry. Additional top concerns included IoT attacks (15 percent), ransomware attacks (14 percent) and botnet attacks (1 percent).

Russia and Nation-State Criminals Pose Biggest Cybersecurity Threat to U.S.: When asked about the biggest cybersecurity threat facing the U.S., respondents remained divided about whether Russia or non-state cybercriminals posed the biggest risk. Russia narrowly took the number one slot with 34 percent of respondents naming them as the biggest threat, followed by organized cybercrime (33 percent), China (20 percent) and North Korea (11 percent). Despite elevated tension between the U.S. and Iran, only 2 percent of attendees named them as our top cyber-adversary.



Leave a Reply

You must be logged in to post a comment.