Artificial intelligence (AI) is one of the hottest topics in the IT sector and is now ranked third among German companies in the Priority list – trumped only by cloud computing and cybersecurity. Companies expect AI to increase efficiency and are therefore assessing its use in various fields of application. AI systems and applications aimed at improving security measures and defense capabilities are finding their way into the cybersecurity sector. Unfortunately, criminals also leverage the potential of artificial intelligence: the race between attackers and defenders enters the next round.
Imminent danger: AI-assisted attacks
One of the advantages enjoyed by attackers is that AI-supported malware automatically and continuously adapts its behavior. Malware learns to remain inconspicuous in a certain environment and can thus bypass a company’s protection measures intended for early detection of attacks. It fits better and better into the victim’s existing infrastructure and imitates human behaviour. AI-assisted malware is also becoming increasingly modular and decides on a case-by-case basis which modules are best suited for which attack purpose. This considerably reduces the probability that malware will be detected by the defenders and their security solutions. A good example is the continued enhancement of the Trickbot malware. Originally launched as a banking Trojan, Trickbot is increasingly evolving into a multi-purpose weapon ranging from ransomware and data theft to targeted attacks. Attackers use AI to automate and scale their attacks – and they are getting ever better at executing them.
On average, it takes 199 days for a company to even realize that it has been the victim of an attack. Defending the attack and system recovery take another two to three months. In order to better recognize attacks and react faster, artificial intelligence is increasingly used in defending attacks as well. AI provides reliable and rapid contextual intelligence on new threats and attacks. Attacks on a corporate network, for example, can be detected and analyzed more quickly with AI, and those affected have the chance to react in good time. AI-based assistance systems enable security experts to make quick and far-reaching decisions.
In the future, AI will be able to support or take over more and more tasks of security experts. However, it is still difficult to assess for which security-relevant events identified by artificial intelligence additional human analysis is required. Due to the huge amounts of data and the multitude of events, not every incident can be checked by experts. So there remains the question of how to check and ensure the quality and correctness of AI-controlled actions.
AI systems and applications in cyberdefense offer many advantages for companies and their security experts. They enable fast responses based on informed decisions using large amounts of data. This means that existing resources can be used more efficiently and specifically and the overall level of security increases.
AI versus AI?
However, all those responsible must be aware that AI is used on both sides – sometimes the attackers are ahead and sometimes the defenders are. AI-based security measures to defend against AI-based threats are becoming increasingly powerful. Nevertheless, artificial intelligence is not a silver bullet and must be controlled and monitored by human security experts. This is all the more true when it comes to assessing attack reports and responding to attacks. Recent developments are therefore moving in the direction of intelligently combining human and machine, both on the attacker’s side and in defending attacks.