
Kaspersky Outlines the Ways Cybercriminals Use AI in Their APT Attacks

Noushin Shabab, Senior Security Researcher for Global Research and Analysis Team (GReAT) Asia Pacific at Kaspersky (source: Kaspersky)

There have been several reports on how humans can trick ChatGPT to write malware, but the possible applications of Artificial Intelligence (AI) in cyberattacks go beyond scripting malicious software.

The cybersecurity firm Kaspersky has warned that cybercriminals can use AI to carry out complex attacks at every step.

“Beyond malware development, AI can be used in various stages of a sophisticated cyberattack. Nowadays, APT (Advanced Persistent Threat) actors combine sophisticated techniques to evade detection and stealthy methods to maintain persistence. New AI developments can be of assistance to cybercriminals from the reconnaissance stage to data exfiltration,” shared Noushin Shabab, Senior Security Researcher for Global Research and Analysis Team (GReAT) Asia Pacific at Kaspersky.

As the term “advanced” suggests, an APT involves ongoing, secret, and complex hacking methods to enter and stay in a system for a long time, which can have harmful results.

One of the main characteristics of an APT attack is gaining ongoing access to the system. Hackers achieve this in the following attack stages:

Reconnaissance

“During reconnaissance, AI can help actors find and understand potential targets by automating the analysis of data from various sources such as online databases and social media platforms and by collecting information about the target’s personnel, systems, and applications used in a company’s environment. Smart machines can even spot the weak entry points by assessing the company’s employee details, third-party relationships, and network architecture,” Shabab explained.

She shared that AI can assist in automating tasks related to building attack infrastructure, including purchasing network infrastructure, creating accounts, and compromising network infrastructure and accounts.

Initial access

In the initial access stage, AI can help cybercriminals craft compelling and personalized phishing messages. It can also be trained to find the best entry point into a target network and know the best timing to launch an attack.

“AI can analyze patterns in network and system activity and launch attacks during periods of low security vigilance or high noise. Thus, machines can assist cybercriminals to find the best timing for a phishing campaign to get initial access into the victim’s networks,” Shabab explained.

Execution

During the execution stage, AI can adapt the behavior of its malware in response to security measures, increasing the chance of a successful attack. AI-based obfuscation can also create polymorphic malware that changes its code structure to evade detection.

AI can also analyze the target environment, understand system characteristics, and select the most suitable command and scripting interpreter options for running malicious scripts or commands. AI-driven social engineering tactics could also increase the likelihood of users interacting with malicious files, enhancing the success of the execution phase.

Persistence

APT groups are known for their sophisticated techniques to remain inside a network without being caught. Shabab shared that the most common techniques among APT actors in APAC to achieve persistence are:

  • Scheduled Task/Job: Scheduled Task
  • Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder  

AI can create the most suitable script for this stage to execute the malware based on user behavior analysis. Threat actors can also develop AI-powered malware that dynamically adapts its persistence mechanisms based on changes in the target environment.

AI-driven monitoring mechanisms can also track system changes and adjust persistence tactics accordingly. AI-guided techniques can also manipulate Windows Registry entries to update persistence registry keys and evade detection.

Data exfiltration and Impact

“AI can analyze network traffic patterns in order to better blend in with the regular network behaviors and determine the most suitable communication channel to exfiltrate data for each victim. It can even optimize obfuscation, compression, and encryption of the stolen data to avoid abnormal traffic detection,” Shabab added.

To boost enterprises’ and organizations’ defenses against AI-assisted APT attacks, Shabab suggests the following:

  • Advanced security solutions: Implement security solutions that use advanced methods to monitor user and system behaviors. This can help identify deviations from normal patterns, potentially signaling malicious activities.
  • Regular Software Updates: Keep all software, applications, and operating systems up to date to mitigate vulnerabilities that attackers might exploit.
  • User Training and Awareness: Train employees on cybersecurity best practices, including recognizing and avoiding social engineering attacks and phishing attempts.
  • Multi-Factor Authentication (MFA): Enforce MFA for accessing critical systems and applications, reducing the risk of unauthorized access even if credentials are compromised.
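
For the two persistence techniques named earlier (scheduled tasks and Registry Run keys), monitoring for deviations from normal patterns can start with comparing new persistence entries against a known-good baseline. The sketch below is an added example, not code from Kaspersky or the original article; the event records are constructed, simplified stand-ins for Windows Security event 4698 (scheduled task created) and Sysmon event 13 (registry value set), and the field names, baseline and path policy are assumptions.

```python
import re

# Registry paths covered by "Registry Run Keys" persistence (Run / RunOnce).
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$",
    re.IGNORECASE,
)
# Directories legitimate autostart entries rarely point into (assumed policy).
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|Users\\Public|ProgramData)\\", re.IGNORECASE)

# Constructed known-good baseline: (kind, name) pairs seen during normal operation.
BASELINE = {
    ("task", r"\Microsoft\Windows\Defrag\ScheduledDefrag"),
    ("runkey", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth"),
}

# Constructed, simplified events; field names are assumptions for this example.
EVENTS = [
    {"id": 4698, "host": "ws-014", "name": r"\Microsoft\Windows\Defrag\ScheduledDefrag",
     "command": r"C:\Windows\System32\defrag.exe -c"},
    {"id": 4698, "host": "ws-014", "name": r"\UpdaterSvc",
     "command": r"C:\Users\alice\AppData\Roaming\upd.exe"},
    {"id": 13, "host": "ws-022",
     "name": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\Sync",
     "command": r"C:\Program Files\Sync\sync.exe"},
    {"id": 13, "host": "ws-022",
     "name": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "command": r"C:\Windows\System32\SecurityHealthSystray.exe"},
    {"id": 13, "host": "ws-022", "name": r"HKLM\SOFTWARE\Vendor\App\Setting", "command": "1"},
]

def classify(event):
    """Return 'task', 'runkey', or None if the event is not a persistence event."""
    if event["id"] == 4698:
        return "task"
    if event["id"] == 13 and RUN_KEY_RE.search(event["name"]):
        return "runkey"
    return None

def find_deviations(events, baseline):
    """Flag persistence entries absent from the baseline; user-writable paths rank higher."""
    alerts = []
    for ev in events:
        kind = classify(ev)
        if kind is None or (kind, ev["name"]) in baseline:
            continue
        severity = "high" if USER_WRITABLE_RE.search(ev["command"]) else "medium"
        alerts.append({"host": ev["host"], "kind": kind, "name": ev["name"], "severity": severity})
    return alerts

if __name__ == "__main__":
    for alert in find_deviations(EVENTS, BASELINE):
        print(alert)
```

Because the check keys on what is new relative to the baseline rather than on a fixed signature, it still fires when the entry name or script content changes between hosts.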

To learn more about Kaspersky’s advanced security solutions, interested customers can visit https://www.kaspersky.com/enterprise-security.

Kaspersky will continue the discussion about the future of cybersecurity at the Kaspersky Security Analyst Summit (SAS) 2023, happening in Phuket, Thailand, from 25 to 28 October.

Interested participants can learn more here: https://thesascon.com/#participation-opportunities.

Written by
Tech Beat Philippines
