Two of the hottest topics within technology circles currently belong to Cybersecurity and Artificial Intelligence (AI). Inevitably, the cross-pollination between Cyber and AI has led to increasing interest around the art of the possible. Will the use of AI in cyber criminal or cyber defensive activity proliferate heavily in the coming years? While the use of ‘machine learning’, ‘deep learning’, and broader AI terminology sometimes merely serve as buzzwords for organisations rather than any real applicability, we are unquestionably seeing increasingly interesting applications and usage of AI within the realm of cyber.
Using ‘Deepfakes’ to drastically enhance voice scams
With the rising prevalence of deep learning technology (e.g. deepfake videos including the wildly popular Mark Zuckerberg video) it was only a matter of time before the technology was exploited for malicious purposes. Threatpost recently reported the first well-known case of cyber criminals using deep learning technology to artificially create a near-perfect imitation of an organisation’s CEO’s voice to trick an employee to fraudulently transfer the sum of $243,000 to the criminal’s bank account. The old voice phishing safeguards of calling and verifying the authenticity of a person based on their voice may become deprecated if we can no longer trust the voice and face on the other line.
Replicating Natural Language to enhance traditional Phishing emails
Written communication traits is often a key tell-tale sign when it comes to identifying potential phishing emails. A few grammatical errors here and there along with odd language choice by the fake sender can often be the factor which raises the alarm with the recipient. With the rising adoption of Natural Language Processing (NLP) to build human language-interpretive systems (e.g. Chatbots) there may be opportunity for cyber criminals to ‘weaponise’ NLP techniques. An example may be a cyber criminal who has hacked into an organisational user’s email and deploys NLP to automatically identify the user’s normal choice of words, phrases, and formalities which allows the criminal to know how to effectively disguise their phishing emails to the rest of the organisation.
Enhancing traditional solutions for anomaly detection
Modern security solution providers are increasingly reporting their incorporation of advanced machine learning and AI capabilities to enhance their abilities to detect anomalous behaviour prior to when a cyber incident or attack occurs. Endpoint detection and response providers such as Symantec report that the incorporation of machine learning allows them to analyse and flag potentially questionable files and websites prior to their customers being compromised, while several Security Incident & Event Management (SIEM) solutions such as Splunk are beginning to incorporate machine learning to continuously scan and identify anomalies in the environments they protect.
While these examples are mere snippets of the potential of AI in the field of cybersecurity, it is important to note that even in 2019, AI approaches and techniques still remain somewhat in their infancy. Before considering incorporating AI, machine learning, and deep learning into your organisation’s cyber toolkit, it is pertinent to ensure the cyber basics such as security awareness training and getting the right level of people, process, and technology protection for your critical assets are done right first.