In almost every segment of our lives, artificial intelligence (AI) now has a significant impact: it can provide better health diagnoses and treatments; detect and reduce the risk of financial fraud; improve inventory management; and offer the right advice for a movie streaming on Friday night. However, a strong case can also be made that some of the most significant impacts of AI relate to cybersecurity.
AI’s ability to learn, adapt, and predict rapidly evolving threats has made it an indispensable tool for protecting businesses and governments around the world. From basic applications like spam filtering to advanced predictive analytics and AI-assisted response, AI plays a critical role on the front lines, defending our digital assets from cybercriminals.
However, the future of AI in cybersecurity is not all sunshine and rainbows. Today we can see the first signs of a significant change, driven by the democratization of AI technology. While AI continues to enable organizations to build stronger defenses, it also provides threat actors with tools to carry out more sophisticated and stealthy attacks.
In this blog we will examine how the threat landscape has changed, track the evolving role of AI in cyber defense, and consider the implications for defending against future attacks.
Artificial intelligence in cybersecurity: the first wave (2000-2010)
As we welcomed the new millennium, the initial stages of digital transformation began to impact our personal and professional lives. In most organizations, knowledge workers performed their work within tightly managed IT environments, leveraging desktop PCs and laptops, along with local data centers that formed the backbone of the organizational IT infrastructure.
Cyber threats that have gained prominence at this time have primarily focused on sowing chaos and gaining notoriety. The early 2000s saw the rise of malware such as ILOVEYOU, Melissa and MyDoom, which spread like wildfire and caused significant disruption globally. By the mid-2000s, the allure of financial gain led to a proliferation of phishing schemes and financial malware. The Zeus banking trojan has proven to be a significant threat, stealthily stealing the banking credentials of unsuspecting users.
Organizations relied heavily on basic security controls, such as signature-based antivirus software and firewalls, to try to repel intruders and protect digital assets. The concept of network security has begun to evolve, with improved intrusion detection systems making their way into the cybersecurity arsenal. Two-factor authentication (2FA) has been gaining traction right now, adding an extra layer of security for sensitive systems and data.
This is also when AI started to show significant value for defenders. As spam email volumes have exploded, unsolicited – and often malicious – emails have clogged mail servers and inboxes, tempting users with get-rich-quick schemes, illegal pharmaceuticals and similar lures. to trick them into revealing valuable personal information. While AI still sounded like science fiction to many in the IT industry, it has proven to be an ideal tool to quickly identify and quarantine suspicious messages with previously unimaginable efficiency, helping to significantly reduce risks and recover lost productivity. Although in its infancy, AI has shown a glimpse of its potential to help organizations protect against rapidly evolving threats, at scale.
Artificial intelligence in cybersecurity: the second wave (2010-2020)
With the transition to the second decade of the millennium, the composition of the IT infrastructure has changed significantly. The explosion of software-as-a-service (SaaS) applications, cloud computing, bring-your-own-device (BYOD) policies, and the emergence of shadow IT have made the IT landscape more dynamic than ever. At the same time, it has created an ever-expanding attack surface for threat actors to explore and exploit.
Threat actors have become more sophisticated and their targets have expanded; intellectual property theft, infrastructure sabotage, and larger-scale monetization attacks have become common. More and more organizations have become aware of the threats posed by nation-states, led by well-funded and highly sophisticated adversaries. This in turn led to the need for equally sophisticated defenses that could autonomously learn fast enough to stay one step ahead. Incidents such as the Stuxnet worm that targeted Iranian nuclear facilities and devastating attacks against high-profile companies such as Target and Sony Pictures have gained notoriety and underlined the growing stakes.
At the same time, the vulnerability of supply chains has become particularly evident, exemplified by the SolarWinds breach that had ramifications for tens of thousands of organizations around the world. Perhaps most notably, ransomware and wiper attacks have increased with well-known strains like WannaCry and NotPetya wreaking havoc globally. While relatively easy to detect, the volume of these threats required defenses that could scale with speed and precision to levels that far exceeded the capabilities of a human analyst.
During this time, AI has emerged as an indispensable tool for defenders. Cylance led the initiative, founded in 2012 to replace heavy legacy antivirus software with lightweight machine learning models. These models have been trained to identify and stop rapidly evolving malware quickly and efficiently. The role of artificial intelligence in cybersecurity has continued to expand, with machine learning techniques used to detect anomalies, flag unusual patterns or behavior indicative of a sophisticated attack, and perform predictive analytics to predict and prevent possible attack vectors.
Artificial Intelligence in Cybersecurity: The Third Wave (2020-present)
Today, a profound shift is taking place around the use of artificial intelligence in cybersecurity. The ubiquity of remote work, combined with hyper-connected and decentralized IT systems, has blurred the traditional security perimeter. With the surge in the Internet of Things (IoT) and connected devices, from smart homes to smart cars and entire cities, the attack surface has expanded exponentially.
In this context, the role of artificial intelligence has evolved from purely a defensive mechanism to a double-edged sword, also wielded by adversaries. While commercial generative AI tools, such as ChatGPT, have attempted to build guardrails to prevent bad actors from using the technology for malicious purposes, adversarial tools such as WormGPT have emerged to close the gap for attackers.
Potential examples include:
- Phishing campaigns generated by artificial intelligence: With the help of generative artificial intelligence, attackers can now create highly convincing phishing emails, making these deceptive messages increasingly difficult to identify. Recent research also confirms that generative AI can save attackers days of work on every phishing campaign they create.
- AI-assisted target identification: By leveraging machine learning algorithms to analyze social media and other online data, attackers can more efficiently identify high-value targets and tailor attacks accordingly.
- AI-based behavior analysis: AI-enhanced malware can learn typical user or network behaviors, enabling attacks or data mining that evade detection by better mimicking normal activity.
- Automated vulnerability scanning: AI-powered reconnaissance tools can facilitate autonomous scanning of networks for vulnerabilities, automatically choosing the most effective exploit.
- Intelligent data sorting: Instead of mass copying all available data, AI can identify and select the most valuable information to exfiltrate, further reducing the chances of detection.
- AI-assisted social engineering: The use of AI-generated deepfake audio or video in vishing attacks can convincingly impersonate trusted individuals, lending greater credibility to social engineering attacks that convince employees to reveal sensitive information.
The development of this third wave of AI highlights a crucial turning point in cybersecurity. The dual use of AI – as both a shield and a spear – highlights the need for organizations to stay informed.
Conclusion
The evolutionary path of cybersecurity highlights the tireless ingenuity of threat actors and the need for defenders to stay well-equipped and informed. As we move into a phase where AI serves as both an ally and a potential adversary, the story becomes more complex and fascinating.
Cylance® AI has been around since the beginning, as a pioneer in AI-powered cybersecurity and a proven leader in the market. Looking ahead, we at BlackBerry® are continually pushing the boundaries of our Cylance AI technology to explore what’s next on the horizon. Keep an eye out for our next blog where we’ll delve deeper into how generative AI is coming onto the scene as a powerful tool for defenders, offering a new lens to anticipate and counter the sophisticated threats of tomorrow.
The future holds great promise for those who are ready to embrace the evolution of AI-powered cybersecurity.
For similar articles and news straight to your inbox, sign up to BlackBerry Blog.
Related reading
Note – This article was expertly written by Jay Goodman, Director of Product Marketing at BlackBerry.