AI Ushers In A Whole New Era Of Hacking

Uploaded on 2016-12-09 in TECHNOLOGY-Key Areas-Artificial Intelligence, NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY--Developments, TECHNOLOGY--Hackers

Hackers won't necessarily always be human. Artificial Intelligence (AI) is a technology that also promises to revolutionize cybersecurity, could one day become the go-to hacking tool.  

Organisers of the Cyber Grand Challenge, a contest sponsored by the US defense agency DARPA, gave a glimpse of the power of AI during their August event. Seven supercomputers battled each other to show that machines can indeed find and patch software vulnerabilities.

Theoretically, the technology can be used to perfect any coding, ridding it of exploitable flaws. But what if that power was used for malicious purposes? The future of cyber defense might also pave the way for a new era of hacking.

The possible dangers

For instance, cyber-criminals might use those capabilities to scan software for previously unknown vulnerabilities and then exploit them for ill. However, unlike a human, an AI can do this with machine efficiency. Hacks that were time-consuming to develop might become cheap commodities in this nightmare scenario.

It’s a risk that the cybersecurity experts are well aware of, in a time when the tech industry is already developing self-driving cars, more advanced robots, and other forms of automation. "Technology is always frightening," said David Melski, vice president of research for GrammaTech.

Melski's company was among those that built a supercomputer to participate in August’s Cyber Grand Challenge. His firm is now considering using that technology to help vendors prevent flaws in their internet of things devices or make Internet browsers more secure.

"However, vulnerability discovery is a double-edge sword," he said. "We are also increasingly automating everything."

So it’s not hard for security experts to imagine a potential dark side, one where AIs can build or control powerful cyber weapons. Melski pointed to the case of Stuxnet, a malicious computer worm designed to disrupt Iran's nuclear program.  

"When you think about something like Stuxnet getting automated, that’s alarming," he said.

Tapping into the potential

"I don’t want to give any ideas to anyone," said Tomer Weingarten, CEO of security firm SentinelOne. But AI-driven technologies that crawl the internet, looking for vulnerabilities, might be among the future realities, he said.

That streamlining of cybercrime has already taken place. For instance, buyers on the black market can hire "rent-a-hacker" services, built with slick web interfaces and easy-to-understand commands, to pull off cybercrime like infecting computers with ransomware.  

Weingarten said it's possible these rent-a-hacker services may eventually incorporate AI technologies that can design entire attack strategies, launch them, and calculate the associated fee.  "The human attackers can then enjoy the fruits of that labor," he said.

However, the term AI is a loaded one. Tech companies may all be talking about it, but no company has created a true artificial intelligence. The industry has instead come up with technologies that can play games better than a human, act as digital assistants, or even diagnose rare diseases.

Cybersecurity firms such as Cylance have also been using a subset of AI called machine learning to stop malware. That's involved building mathematical models based on malware samples that can gauge whether certain activity on a computer is normal or not.

"Ultimately, you end up with a statistical probability that this file is good or bad," said Jon Miller, chief research officer of the security firm. More than 99 percent of the time the machine learning works to detect the malware, he said.

"We're continually adding new data, of malware samples, into the model," Miller said. "The more data you have, the more accurate you can be."

Escalation

A drawback is that using machine learning can be expensive. "We spend half a million dollars a month on computer models," he said. That money is spent on leasing cloud computing services from Amazon to run the models.

Anyone who attempts to use AI technologies for malicious purposes might face this same barrier to entry. In addition, they'll also need to secure top talent to develop the programming. But over time, the costs of computing power will inevitably decrease, Miller said.

Still, the day when hackers resort to using AI may be far off. "Why hasn’t this been done? It’s just not necessary," he said. "If you want to hack somebody, there are already enough known flaws in everything."

To this day, many hacks occur after a phishing email containing malware is sent to the target. In other instances, the victims secured their logins with weak passwords or forgot to upgrade their software with the latest patch – making them easier hack.

AI technologies like machine learning have shown the potential to resolve some of these problems, said Justin Fier, director for cyber intelligence at security firm Darktrace. But it may only be a matter of time before the hackers eventually upgrade their arsenal.

That will pit cybersecurity firms against the hackers, with AI on the frontlines. "It seems like we’re heading into a world of machine versus machine cyber warfare," Fier said.

CIO:            Five Things AI Can Do Better Than Humans:

 

« Cyber Police Stations Across India
Critical Cybersecurity Protocols To Implement »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Technology Association of Georgia (TAG)

Technology Association of Georgia (TAG)

TAG's mission is to educate, promote, influence and unite Georgia's technology community to stimulate and enhance Georgia's tech-based economy.

Computer Laboratory - University of Cambridge

Computer Laboratory - University of Cambridge

Computer security has been among the Laboratory’s research interests for many years, along with related topics such as cryptology

BruCERT

BruCERT

BruCERT is the referral agency for dealing with computer-related and internet-related security incidents in Brunei Darussalam.

Illumio

Illumio

Illumio delivers adaptive security for every computing environment, protecting the 80% of data center and cloud traffic missed by the perimeter.

TCN

TCN

TCN is an advanced System Integrator and Infrastructure Company in Albania.

Calero Software

Calero Software

Calero is a leading global provider of Communications and Cloud Lifecycle Management (CLM) solutions designed to simplify the management of voice, mobile and other unified communications services.

Verafin

Verafin

Verafin is one of the North American leaders in fraud detection and AML software.

Data Terminator

Data Terminator

Data Terminator provide a comprehensive range of secure data destruction equipment and services are in compliance to US Department of Defense (DoD) and National Security Agency (NSA) standards.

Australian Cyber Collaboration Centre (Aus3C)

Australian Cyber Collaboration Centre (Aus3C)

The Australian Cyber Collaboration Centre (Aus3C) is committed to building cyber capacity and securing Australia's digital landscape.

Cypherix

Cypherix

Cypherix is tightly focused on cryptography and data security. We leverage our expertise to deliver state-of-the-art, world-class encryption software packages.

GISEC Global

GISEC Global

GISEC Global provides vendors and companies from around the world with access to lucrative opportunity to capitalize on what's set to become one of the world's booming markets.

Telarus

Telarus

Telarus is a Technology Services Brokerage that holds contracts with the world's leading cloud voice, contact center, cybersecurity, mobility and IoT providers.

Synergy Quantum

Synergy Quantum

Synergy Quantum has pioneered a proprietary suite of military-grade, quantum-secure communication technologies.

Corvid Cyberdefense

Corvid Cyberdefense

Corvid Cyberdefense provides military-grade cybersecurity as a service for growing organizations and municipalities of all sizes.

Breeze Security

Breeze Security

The Breeze Platform acts as a defense coordinator, unifying security across identities, endpoints, cloud, and data to expose real attack paths, orchestrate remediation, and detect threats.

DevSecFlow

DevSecFlow

DevSecFlow is at the forefront of enterprise-grade cybersecurity solutions, specializing in secure product and software development.