The IT security industry is bracing itself for an onslaught of new wave hacking exploits which are powered by smart technology, machine learning, and artificial intelligence. Black Hat computer experts are expected to unleash a number of unethical tactics to target and manipulate individuals and organizations who are not primed to counter it.
The era of artificial intelligence is happening now, harnessing the power of AI is arguably one of the pivotal agenda items within many business organizations throughout the world. Controlling enterprise data and using machine learning to understand business trends is commonplace.
Hackers are also exploring this technology to create AI-powered malware which can deploy untraceable malicious applications within a benign data payload. AI techniques can conceal the conditions needed to unlock the malicious payload making it almost impossible to reverse-engineer the threat, potentially bypassing modern anti-virus and malware intrusion detection systems.
AI-powered malware can be trained to wait until a specific action occurs which triggers the hostile payload. This might be actuated by voice or facial recognition, or even by geo-location properties. It can be argued that AI malware can be trained to listen for specific words or a targeted person’s voice, advanced image APIs can also be used for face recognition on webcams or security cameras.
IBM research scientists have already created a proof-of-concept AI-powered malware called “DeepLocker”. The malware contained hidden code to generate keys which could unlock malicious payloads if certain conditions were met. They recently demoed this technology at the “Black Hat” technology conference in Las Vegas, 2018 and it used a genuine webcam application with embedded code to deploy ransomware when a person looked at the laptop webcam.
Smart Phishing is another approach being rapidly utilized by unethical hacking experts to attempt to exploit sensitive information from victims. The scam is rolled out using a baseline of intelligent data which is exclusive to the target. Essentially with the aim to fool the victim that the phishing methodology is legitimate.
What makes this assault dangerous is the smart methods used as part of the exploitation. Hacking groups trade exploited personal information on the dark web, such as where you shop, what online services you subscribe to, or who you bank with. This information alone may not be significantly exploitable, however, when you introduce artificial intelligence and machine learning, trends and patterns can be predicted when the data is ingested and transformed.
As a result, smart phishing can target specific victims where the hackers already know relevant information about you. You may receive a malevolent phone call from people impersonating your bank or credit card provider. These people may already know certain information about you such as your address, date of birth and use that to exploit pin numbers and bank account information from you with the aim of defrauding you.
More commonly, smart phishing results in intelligently targeting digital attacks in the form of emails and fake email attachments. These scams try to persuade you to click on a fake URL link and are used to mine data and potentially exploit you by injecting malware onto your system, most likely for financial gains.
Also, there has been an ever growing trend of technology savvy individuals learning and developing open source solutions to assist in hacking activities. This is nothing new, however, the proliferating use and abuse are expanding exponentially. Open Source toolsets and Linux distributions such as Kali Linux contains a suite of white hat tools which can be used acrimoniously.
Open Source tools can be used to exploit websites, servers and cloud infrastructure as well as inject packets into wireless network traffic with the aim of intercepting and decrypting traffic. Password crackers and dictionary attack tools can use machine learning to break complex passwords.
To help prevent the influx of smart hacking, the security community needs to be prepared for AI-powered threats. To combat the threat, security defenders can also use AI-powered intelligence creating trend-based detection systems instead of rule-based.
Greater investment in monitoring and data analysis solutions are also a proven deterrent to undertake. Such solutions can intelligently track and log network and server activity, using AI and machine learning the solutions can learn patterns and trends and help detect weaknesses on a platform.
Above all else, it is imperative to ensure traditional defenses such as ensuring you are on the latest firmware and operating system patch levels and keeping employees engaged on security topics and trained on security fundamentals such as not executing untrusted applications or email attachments remain significant barriers to the hacking community.