top of page
Acubed Shield

Blog

AI in Cybersecurity:
The Battle between Defence and Deception

This blog looks at how AI changes cybersecurity in two ways. On one hand, it helps protect your data, strengthens systems, and makes the digital world safer. On the other hand, it can also be used by hackers to find weaknesses and create problems.

 

Why does this duality exist? It’s all in programming. The same intelligence that protects your assets can also be weaponised to infiltrate them. The power to defend or destroy, all within a single system.

​

Defensive AI can detect threats before they emerge, automate responses to mitigate damage, and predict future risks to keep us secure. But in the wrong hands, it could invade your privacy, manipulate data, or launch devastating attacks.

Duality of AI

As technology keeps improving, will we use AI to protect us, or will it be used to cause harm? In the end, the real question is not what AI is like, but how we choose to use it.

I would like to discuss some of the possibilities of threats that can be enhanced with AI, focusing on AI-enhanced attacks and the cutting-edge defenses designed to counter them.

AI-Enhanced Attacks and the Cutting-Edge Defences Against Them 

​​

Let's begin by discussing ransomware, ransomware remains a prevalent threat, with attacks becoming more sophisticated through AI. Ransomware encrypts a victim's data, demanding a ransom for decryption. The Colonial Pipeline attack in 2021 was a significant ransomware incident where attackers not only encrypted data but also stole it, employing double extortion tactics. The involvement of AI in automating these attacks can increase their frequency and impact.

Enhanced Threat Detection and Prevention:

AI-driven systems can detect anomalies and patterns indicative of ransomware attacks by analysing vast amounts of network data in real-time. Machine learning algorithms continuously improve their detection capabilities, reducing false positives and enabling quicker responses. For example, Darktrace’s AI system can detect unusual network behavior, providing early warnings and mitigating ransomware threats before they escalate  (Darktrace) .

Ransomware Attacks

Ransomware Attacks

​

Next, let's explore another critical AI-enhanced threat i.e. botnets. Botnets are networks of infected devices controlled by an attacker to launch coordinated attacks such as DDoS (Distributed Denial of Service). The Mirai botnet attack in 2016 compromised IoT devices, launching large-scale DDoS attacks. AI can further enhance such botnets by improving their stealth and effectiveness, for example by optimising attack strategies and evading detection through machine learning. â€‹

Automated Incident Response:

AI can enhance incident response by automatically identifying and isolating compromised devices within a botnet. Systems like IBM’s QRadar Advisor with Watson analyse data in real-time, enabling swift action to neutralise botnet threats and minimise damage  (Palo Alto Networks).

​

Now, moving on to Zero-day exploits, which target vulnerabilities that are unknown to the software vendor. The Stuxnet worm exploited multiple zero-day vulnerabilities to sabotage Iran's nuclear program. AI can accelerate the discovery of these vulnerabilities by analysing vast amounts of code and identifying potential weaknesses. AI's ability to identify and exploit zero-day vulnerabilities poses a significant challenge for cybersecurity. â€‹

Predictive Analytics:

AI can predict potential zero-day vulnerabilities by analysing historical data and identifying patterns. This proactive approach allows organisations to strengthen their defences before vulnerabilities can be exploited. For instance, the U.S. Department of Energy uses AI to foresee potential cyber-attacks on its infrastructure, enabling preemptive measures  (JISIS).

​

Moving on to phishing that tricks users into revealing sensitive information by posing as trustworthy entities. In 2017, Google and Facebook were victims of a phishing scam that led to losses of over $100 million. The attackers used sophisticated tactics to impersonate a vendor and trick employees into transferring funds. With the use of AI, phishing attacks can be enhanced by creating highly convincing messages and targeting individuals based on their online behavior and preference i.e. using data gathered from social media and other online activities.

Improved User Authentication:

AI-driven behavioral biometrics can help in continuously authenticating users based on their behavior, making it harder for attackers to use stolen credentials successfully. HSBC Bank, for example, uses AI-driven behavioral biometrics to secure online transactions and detect unauthorised access (ISACA) (Cisco Blogs).

Botnet Attacks

Botnet Attacks

Zero-Day Exploits

Zero-Day Exploits

Phishing Attacks

Phishing attacks

​

Finally, let's discuss MitM attacks, that occur when an attacker intercepts communication between two parties to steal or manipulate data. The 2013 Target data breach involved attackers installing malware on the retailer’s point-of-sale systems to intercept credit card information during transactions. AI can streamline such attacks by quickly identifying and exploiting vulnerabilities in communication protocols (JISIS).

​

​Enhanced Security Operations Centers (SOCs):

AI has the ability to enhance the efficiency of SOCs by monitoring network traffic, detecting anomalies, and prioritising alerts. This allows analysts to respond more quickly and accurately to MitM threats. For instance, Citi Bank uses AI to improve its SOC operations, resulting in faster threat detection and response times  (Aqua

Man-in-the-middle Attacks

Man-in-the-Middle (MitM) Attacks

The Impact of AI on National Security in both scenarios, Artificial Intelligence (AI) has a profound impact on national security, acting as both an adversary and a powerful ally. In the scenario where AI is utilised by attackers, it significantly enhances the capabilities of cybercriminals and hostile nations. AI can automate and sophisticate these attacks making them more difficult to detect and counter. These AI-driven attacks can target critical infrastructure, disrupt essential services, and steal sensitive information, posing severe risks to national security. The rapid and adaptive nature of AI allows attackers to stay ahead of traditional defence mechanisms, escalating the threat landscape.

​

On the other hand, when AI is used as a defencive tool, it revolutionises the approach to cybersecurity, providing strong solutions to counteract advanced threats. AI enhances threat detection and prevention by analysing vast datasets to identify anomalies and patterns indicative of cyber threats. It enables automated incident response, reducing the time to mitigate attacks and minimising potential damage. AI-powered predictive analytics can predict and stop future threats, helping to take action early to protect national security. AI plays a key role, showing why countries need to use advanced AI-based cybersecurity to defend against new threats and protect their national interests.

 The dual role of AI highlights the need for continuous innovation and vigilance in the cybersecurity landscape, ensuring that organisations can effectively combat evolving threats and protect their digital assets. Acubed.it believes that cybersecurity should be a top priority for organisations managing the complex digital landscape of 2024. In this rapidly changing environment, it is important for companies to develop and execute cybersecurity strategies that support business goals as well as ensure compliance with regulatory standards. 

bottom of page