Uh Oh: Now Cyberattackers Are Abusing AI Tools to Cover Their Tracks
- michelle1593
- 2 days ago

We’ve told you recently in this space that AI-driven cyberattacks represent the most serious and growing cybersecurity threat in today’s world.
This is the giveth-and-taketh-away proposition AI presents in cybersecurity. It can absolutely be used to strengthen many of the existing tools – assessing potential threats and helping to make decisions about when manual intervention is necessary.
But the bad guys can use AI as well, and they’ve been finding disturbingly creative ways to do so.
One example, reported by Cybersecurity Dive, is the use of the AI-enabled malware LameHug by the threat group Fancy Bear to automate document collection and reconnaissance activity.
But now the hackers are taking it up a notch, as evidenced by the cybercriminal group Punk Spider’s use of AI-generated scripts to erase forensic evidence and accelerate the dumping of credentials.
How would you possibly track this? First the hackers use AI-powered tools to generate scripts that get past authentication protocols and get into the system. Then they use the AI tools to move more quickly through your system, jumping from system to system in record time and exfiltrating data within mere minutes of getting in.
By the time your team catches on that there’s been a breach, the data is gone and quite possibly so is the hacker.
And now they’ve even used the AI tools to pick up the breadcrumbs you might have followed to figure out who they are, how they got in or at least what credentials were used to get them in.
That’s all gone. Like it never happened. But it did happen because your data’s been stolen.
Technology is usually neither good nor evil. It all has to do with how people choose to use it. In the case of AI and cybersecurity, the balance of power so far might be in favor of the villains.
How do you combat this if you’re just trying to run your business and protect your enterprise?
I can offer a few thoughts:
1. Make sure your information security program consists of a solid combination of skilled people and strong technology. The tech bundle deployed for cybersecurity is important, but you also need people who can recognize patterns and have good instincts about alerts and unexpected events. If it’s just your AI against the bad guys’ AI, you have no reason to think yours is going to prevail.
2. Make sure your cybersecurity people are keeping up on the latest threats, and by latest, I mean every day. There are information sources some of us follow closely that tell us how threats are developing and what kinds of defense are most likely to be effective. You don’t just want IT generalists who know the basics of cybersecurity. You want people who live, eat and breathe it. Because that’s what the attackers do.
3. Just because AI is getting more sophisticated doesn’t mean it’s not worth it to commit to things like phishing-resistant multifactor authentication and zero-trust. Your team members won’t like it because it makes them perform additional steps every time they want to get into the system. But that’s much better than making it easy for them and even easier for AI-powered attackers.
These warnings are never designed to scare you. They’re to prepare you. If you can’t afford an in-house cybersecurity team, give me a call and we’ll work out a contract arrangement so you can be confident you’re keeping your enterprise safe.
I’m at 616.600.4018 and dacarey@cybersynergies.io.
