Dubai: Hackers and security solutions providers are expected to deepen their artificial intelligence (AI) capabilities this year in a bid to see who wins the fight.
Hackers will automate attacks using AI while defenders will leverage it in mounting counter-attacks and identifying vulnerabilities.
Ramses Gallego, a strategist in the office of Symantec’s chief technology officer, told Gulf News that attackers don’t have to create very complex scripts or complicated engineering attacks. Instead, they will use things that are on our computers such as cloud features and functionalities, as well as the functionalities of operating systems and commercial software already installed.
Moreover, he said that security solutions providers will use AI to probe for open vulnerabilities in a bid to ramp up security.
Leveraging deep fakes
“Instead of building a phishing attack, scam or ransomware attack, the bad guys will use algorithms to trick people by creating an identical web page or an identical email from a company. AI could leverage deep fakes to make social engineering attacks even more sophisticated,” he said.
Before, hackers needed to create a company’s logo to generate that authentic feel, he said. Now, they can create it using AI to make it look original. Moreover, he said that there are AI-powered attack tool kits available on the Dark Web to enhance their attacks while offering a wide range of options at the same time.
“The cost of an attack is so low these days and it gives hackers the ability to launch sophisticated targeted attacks with ease and they can attack energy plants, water distribution systems or the traffic systems of a city,” Gallego said. “We saw it last year and it will happen this year also. There could be no financial motive or political goals behind these attacks but just to create turbulence. Combined with AI, it could be scary. The criminal organisations could be states, nations or [groups] sponsored by a set of lobbies,” he said.
Now, it all depends on who is creating the best AI to win this fight, he added. With fifth-generation cellular technology (5G) expected to be rolled out commercially, Gallego said the additional bandwidth when compared to 4G will catalyse new operational models, architectures and vulnerabilities.
5G will have a peak data download rate of 10Gbps compared to 4G’s 1Gbps.
Gallego said hackers can steal data in transit as it moves from mobile to cloud or from the home to the enterprise. For example, he said that hackers can steal banking credentials and capture credit card numbers in transit once they have gained access to home routers and other IoT hubs by inserting malware into the same routers.
As the concept of home-based IoT devices gains traction, Gallego said it is plausible that some nations could attempt to weaponise them by, for example, shutting down home thermostats in an enemy nation during a harsh winter.
WiFi routers on their radar
“Home-based WiFi routers and other poorly secured consumer IoT devices will be on the radar of the bad guys and attackers will continue to focus on network-based enterprise attacks,” he said.
“As more 5G IoT devices enter the market, they’ll connect directly to the 5G network, thus making the devices more vulnerable to direct attacks and DDoS [botnet-powered distributed denial of service] attacks. Critical infrastructure can be halted using DDoS attacks and still there is a massive gap between IT [information technology] and OT [operational technology],” he said.
IT systems are storage systems, computing technology, business applications and data analysis tools, while OT systems consist of machinery, asset monitoring systems and control systems.
“Engineers building energy plants are focused on functionalities, procedures and processes of the plant from an engineering perspective but unfortunately, very few are thinking about the security aspects. Attacks that leverage the supply chain will grow in frequency and impact,” he said.
Moreover, he said hackers can attack the providers of cameras or a motherboard manufacturer.
“We have seen that you can put a chip into a motherboard that opens a backdoor for hackers to steal data and attackers are implanting malware into otherwise legitimate software packages in order to distribute it quickly and surreptitiously to intended targets,” he said.
Symantec predicts that state-sponsored attacks will continue as a show of supremacy.
In a geopolitical world, he said that if country A is attacking country B, it will look like country B is attacking country C and while both country B and C are fighting each other, country A is free of any blame despite starting the attack.
Mohammad Abu Khater, vice-president for FireEye Middle East and Africa, said the nations that are on top of the list for state-sponsored attacks are Iran, Russia, North Korea and China. He added that their tactics keep changing.
“Russia will continue to conduct operations via social media and through more covert operations such as hacking and tactically leaking data in ways that may sow discord. We have seen that in the US elections,” he said.
He expects to see other emerging cyber nations come to the fore this year and the primary reason will be pressure to keep up with other nations in developing cyber-programmes matching the capability of a traditional military. Abu Khater said that cyber threats from Iran targeting the US and its allies, including Gulf countries, are likely to increase drastically this year. Following the reimposing of sanctions against Iran by the US recently, after the US exited the Joint Comprehensive Plan of Action (JCPOA), he suspects that the Islamic republic could retaliate through cyber attacks.
“We noticed that some Iranian-nexus groups, which attacked the US banking sector using DDoS a few years ago, are re-emerging again to gain infrastructure access into some organisations in the US and outside,” he said.
Moreover, he said that less capable groups are emerging and supporting the Iranian government.
How to protect your business from hackers
1. Update your software and secure your hardware: Updating the operating system protects users’ data and stops the bad guys from taking advantage of software vulnerabilities. Protect all devices with a strong password and install “find my device” software on all smart devices to help locate a stolen device or remotely delete its sensitive data.
2. Back up data and encrypt it: The best way to protect yourself against ransomware and other security breaches is to back up the data on a regular basis and encrypt it. Log members out of the computer after a certain period of inactivity. Good intrusion detection tools are available in the market to notify you if your system is being breached.
3. Install end-to-end protection: Have a good firewall, antispyware and antivirus software installed to act as a security guard for your computer. Secure your WiFi networks and network components. Change passwords regularly. Limit administrative capabilities on systems and limit your social footprint. Be aware and vigilant at all times.
4. Introduce a cyber-culture in your organisation: Many employees do not recognise external threats or lack a good understanding of security threats. Awareness and security training is therefore necessary, as staff members use their personal devices for work. Companies should have policies in place and restrict staff access to inappropriate websites.
5. Plan ahead: A systematic approach with an effective business security plan is key. Implement procedures to prevent, detect and respond. Determine if you need outside help after reviewing your own skills and knowledge. Always have a “Plan B” in place in case trouble arises.
6. Have insurance coverage to protect your business: Cyber insurance covers costs associated with data breaches and provides skilled professional help to manage the crisis.
What is the Dark Web?
The Dark Web is part of the internet where criminals sell stolen credit card numbers, usernames and passwords, guns, stolen subscription credentials and software.
It is not indexed by search engines as it is run on networks of private servers and is only accessible with special software. It is a haven for criminal activity, acting as a black market to trade stolen stuff securely and anonymously.
It is difficult to access the Dark Web with the usual browsers such as Google Chrome or Internet Explorer. To do so, users need to download the Tor, Freenet or I2P (Invisible Internet Project) browsers, also known as dark web browsers, from the official websites.