Fighting fire with fire: Using AI to tackle AI-based cyberthreats

John Flatley, Consulting Systems Engineer, Email Protection at Barracuda, shares insights on how organisations can utilise AI to combat cyberthreats fuelled by the technology itself.  

Cyberattacks are costly. Not just in terms of direct financial losses, such as a ransom payment or a fraudulent money transfer resulting from an email scam, but also through operational disruption, productivity loss, damage to brand reputation and customer trust and through the resources required to fix and recover from the attack.

Recent research among IT security professionals found that the average annual cost of dealing with cyber incidents comes to around £4.1 million. It has never been more critical to have security solutions in place that can withstand the latest tools and techniques leveraged by cyberattackers.

One of these is Artificial Intelligence (AI). AI tools such as Generative AI can make it easier for attackers to scale their attacks and increase the chances of success. However, this is not a one-way street. AI can also equip defenders with advanced tools for identifying, understanding and neutralising threats.

Here we explore potential AI-driven cyberattacks and how organisations can leverage AI to strengthen their own defences to combat these threats.

AI-enabled cyberthreats

Some of the ways in which cyberattackers can harness AI include:

To launch phishing campaigns: Generative AI enables attackers to automate content creation for use in phishing, spear phishing or business email compromise. It enables them to create personalised messages more quickly and easily. These emails are often indistinguishable from legitimate communication, significantly increasing the likelihood of deceiving the recipient.

AI tools can also assist in scanning publicly available data to find and customise attacks and closely imitate communication styles to trick recipients. As a result, attacks are both more effective and can be launched more rapidly.

To localise content for social engineering: In the past, grammatical errors would be a warning sign of a social engineering attack, such as phishing. However, AI can help cybercriminals to tailor highly convincing phishing campaigns with localised linguistic, cultural and industry contexts. The inclusion of regional cultural references, industry terms and local brands helps to enhance their success rate.

Access and credential theft: Cyberattacks often start through the theft of credentials, enabling attackers to compromise an account and gain access. AI tools can help attackers to create fake login pages that look very similar to legitimate websites. They can also scale up credential stuffing attacks with the fast verification of large sets of username and password combinations that come from data breaches.

Amplified DDoS attacks: AI-powered botnets can orchestrate Distributed-Denial-of-Service (DDoS) attacks with enhanced coordination and automation. They can also evolve to evade traditional algorithms that use historical datasets to detect bots.

Deepfakes: AI can be used to create highly convincing fake videos and audio, used to impersonate trusted figures. These can be used to manipulate perceptions, spread misinformation, or engineer sophisticated social engineering attacks.

The creation of adaptive malware: A further shift is the creation of AI-driven malware through which cybercriminals can automate vulnerability discovery and exploit weaknesses. They can also use tools to create adaptive malware which makes traditional signature-based security measures less effective, as the malware can alter its appearance faster than these measures can adapt.

How AI can improve security

AI-driven tools will help security teams to bolster their defences against all threats, including those leveraging AI.

Email security: AI-powered phishing detection is highly effective, particularly when it comes to more sophisticated social engineering. Beyond recognising known phishing signatures, AI examines email behaviours and content anomalies, leveraging natural language processing to assess sentiment and context. This enhanced detection mechanism greatly lowers the chance of a successful email-based attack, particularly those employing Generative AI techniques to mimic legitimate communications.

Automated incident response: AI is enabling teams to speed up and improve incident response, from automating incident identification so that teams can focus their efforts on the most critical incidents, to orchestrating playbooks and automating tasks such as blocking malicious IP addresses. AI-powered systems can also enhance the overall effectiveness of security operations centres (SOCs) by finding and eliminating threats faster, using data from multiple sources.

Powerful application security: AI’s anomaly detection capabilities are also key to identifying and neutralising threats targeting applications. By adjusting Machine Learning models in real-time, AI reduces false positives, allowing for a more accurate distinction between legitimate users and malicious bots. AI’s ability to detect anomalous access attempts and reconnaissance activities further tightens security, providing a robust defence against zero-day exploits and sophisticated cyberattacks.

Enhanced threat detection and intelligence: AI’s Machine Learning algorithms can analyse vast datasets to establish baseline behaviours, flagging anomalies to indicate potential threats. This includes unusual network traffic or user behaviour and unexpected system activities. Furthermore, AI-powered behavioural analytics enhances early threat detection by monitoring deviations in communication patterns and unusual account access habits. This is valuable both against fast-moving, AI-assisted attacks and in detecting insider attacks.
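
To make the baseline-and-deviation idea concrete, here is an added example (not from the article or from any Barracuda product) that scores today's failed-login count for each account against that account's own history. It uses a robust statistic (median and MAD) as a simple stand-in for a learned baseline; the account names, counts and thresholds are constructed for illustration.

```python
from statistics import median

# Constructed sample data: failed logins per day over a 14-day baseline
# window, then the count observed today. All names and numbers are made up.
BASELINE = {
    "alice": [2, 1, 3, 2, 2, 1, 3, 2, 2, 3, 1, 2, 2, 3],
    "bob": [0] * 14,
    "svc-backup": [40, 42, 39, 41, 40, 43, 38, 41, 40, 42, 39, 41, 40, 42],
}
TODAY = {"alice": 3, "bob": 25, "svc-backup": 44, "carol": 5}


def modified_z(history, value, floor=1.0):
    """Distance of value from the account's median, in robust deviations."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    # 1.4826 * MAD approximates a standard deviation for normal data.
    # The floor keeps a perfectly flat baseline (MAD == 0) from dividing
    # by zero or from flagging a change of a single event.
    scale = max(1.4826 * mad, floor)
    return (value - med) / scale


def flag_anomalies(baseline, today, threshold=3.5, min_history=7):
    """Return (account, verdict, score) for accounts that need a look."""
    findings = []
    for account, value in sorted(today.items()):
        history = baseline.get(account, [])
        if len(history) < min_history:
            # No usable baseline yet: report it rather than guess.
            findings.append((account, "no-baseline", None))
            continue
        score = modified_z(history, value)
        if score > threshold:
            findings.append((account, "anomalous", round(score, 2)))
    return findings


if __name__ == "__main__":
    for finding in flag_anomalies(BASELINE, TODAY):
        print(finding)
```

The service account's 44 failures are the highest absolute count but sit within its normal range, while 25 failures on an account that normally has none stand out; a fixed global threshold would get both cases wrong.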

Embracing AI for resilient cybersecurity

As cybercriminals harness AI to craft more sophisticated attacks, it’s becoming more important for organisations to adopt AI-driven defences. By leveraging AI’s capabilities in anomaly detection, threat intelligence and automated response, businesses can respond to threats and incidents more quickly and effectively. In this way, AI can help defenders cope with the fast pace of attacks and anticipate and stop new threats before they break through.
