Navigating the threat landscape: the evolution of cyberthreats and AI-powered attacks

By Markus Nispel, CTO EMEA at Extreme Networks.

  • 11 months ago Posted in

As artificial intelligence permeates the digital security realm, cybercriminals are exploiting its capabilities to refine their phishing techniques. The accessibility of AI matched with the emergence of the dark web's cyberattacks-as-a-service strategy means anyone can become an attacker - cyber knowledge is no longer a requirement for bad actors. This is why robust threat prevention and response strategies stand as the linchpins to safeguarding sensitive data and preserving networks.

The current risk environment

It’s not a matter of if, but when a company will be compromised. Beware of any security provider promising foolproof solutions for your infrastructure – such claims are often misguided. Proactive preparation is key. This includes developing comprehensive strategies to minimize both the attack surface and blast radius using zero-trust best practices. Rigorous procedures should be established for responding to successful attacks, covering both internal and external communication as well as for the aftermath, focusing on the restoration of business operations. While the rise of advanced technologies like the internet of things (IoT), AI, and quantum computing offers immense potential for good, it also presents a double-edged sword. In the hands of malicious actors, these advancements have ushered in a new wave of more sophisticated cyberattacks, posing unprecedented challenges for cybersecurity. The advent of quantum computing adds another layer of concern; the day has come when all previously stolen data could be unencrypted in an instant.

In particular, the response to generative AI has been monumental. We’ve seen political leaders creating diplomatic ties with big technology companies to understand its capabilities, and we’ve seen most industries charging ahead with plans to implement it. CEOs are recognising the way generative AI is transforming the way we live, work and engage with systems. This technology holds the power to revolutionize user experiences, enhance human tasks and increase overall productivity. But it's also crucial to acknowledge the potential threats they pose. As AI transforms the workplace, so does the potential for malicious actors to exploit these technologies for their own nefarious purposes.

New tactics for cyber criminals

The bottom line is, anything digital can be leveraged and manipulated by bad actors. It’s an ongoing arms race. By tapping into the computing power and data pool of these AI tools, hackers are able to analyse the behavioural patterns of their victims. This wealth of information in the hands of the wrong person can be catastrophic for businesses. One increasingly common use of this data for hackers is to adapt their phishing methods to create a more tailored attack approach that targets a victim’s vulnerabilities for a higher success rate. What does this entail specifically? Well, there are three key routes of attack that bad actors use through conversational AI:

The first centres around the fact that bad actors know companies have cybersecurity systems in place which are constantly monitoring, detecting and defending against bog-standard phishing attempts. With that in mind, they are pivoting to AI tools to identify a company’s outliers in real-time, with the likelihood of a higher attack success rate, given that they are less likely to face defences.

 

The second tactic is using conversational AI tools powered by sophisticated large language models (LLMs) like ChatGPT to create realistic phishing emails. Gone are the days of blatantly obvious spam emails with grammatical errors, telling the victim they’ve missed a delivery, for instance. Now, attackers can use seemingly legitimate emails or websites designed by AI to confuse victims into falling into these traps. What’s more, bad actors can easily come up with algorithms such as ‘tweaking an email by x will increase the penetration success rate by y%’.

 

The third way AI is used by bad actors is by combatting zero trust systems through identity theft. Zero trust looks at identity aspects such as: who is using the network? Who does what at which time? Is it normal for this vendor to access the network from this remote point? Identity is the key here, and understanding who belongs where and interacts where at what time on the network map is vital. Cybercriminals are now equipped to copy identities and bypass these authentication processes, allowing them to gain access to systems freely. Recently, we’ve seen news for example about the ability to control ChatGPT using voice commands, which raises further concerns of identity threats and opens systems up to an array of potential violations.

But AI is not the only way attackers are adapting their methods. Through the dark web, bad actors can now purchase pre-coded cyber-attacks-as-a-service as easily as buying goods off Amazon. In other words, bad actors no longer require the skill set of adept hackers to carry out cyberattacks. Instead, they can simply purchase these pre-coded cyber-attacks-as-a-service on the dark web. Combine this with the algorithms and knowledge that can easily be obtained through AI, and this means anyone can carry out an attack.

The consequences of these new cyber threats extend far beyond mere technological disruptions. As well as significant financial losses, there is the risk of reputational damage to the business and compromised customer trust. The precision afforded by AI-driven phishing tactics can lead to devastating breaches, tarnishing the image of companies and eroding the hard-earned trust of their customer base. The ease with which cybercriminals can now access pre-coded cyber-attacks-as-a-service on the dark web magnifies the scale of these repercussions. As the threat landscape intensifies, companies must recognise the multifaceted impact these attacks can have on their overall resilience and take proactive measures to fortify their defences.

So what’s the solution?

In the ever-evolving landscape of digital transformation, the inevitability of cybersecurity incidents requires a proactive and comprehensive approach. Enterprises are navigating a dynamic journey that demands readiness to contain, respond, and restore in the face of security breaches. Now more than ever, it’s time for IT leaders to turn their focus to networks through the best tools available.

A unified Zero Trust Security Policy serves as a foundational element, providing a consistent security architecture across diverse access points. The linchpin in this strategy is Universal Zero Trust Network Access (ZTNA), which, unlike conventional security models, streamlines IT management and enhances security by consolidating network, application and device access security within a single solution. In today's increasingly distributed organizational landscape, Universal ZTNA provides a simplified, yet powerful access layer that spans across any location where users connect to the network. This not only ensures secure operations but also facilitates cost-efficient practices and better support for a variety of scenarios.

Moreover, the integration of cloud platforms not only introduces simplicity and cost-effectiveness but also operates through a software as a service (SaaS) model. This model emphasizes a unified approach to managing infrastructure, reducing costs, and enhancing operational efficiency.

Reimagining network boundaries is also imperative. It involves recognizing the critical role of fabric technology as the cohesive thread that seamlessly connects various elements such as wired, wireless, SD-WAN, and fabric. By doing so, enterprises can create a unified and flexible network architecture that adapts to the demands of modern digital environments.

Finally, a collaborative approach is paramount, placing a significant emphasis on seamlessly integrating ecosystems and cultivating partnerships to establish secure connections among devices and applications. This strategic approach recognizes the intricate landscape of contemporary security challenges, emphasizing that security functions as a collective effort. By working together within an integrated ecosystem, organizations can better navigate the intricacies of cybersecurity, ensuring a more robust and resilient defence against evolving threats.

Ultimately, successfully navigating the complexities of today’s threat landscape demands a holistic commitment to identity-centric security, unified policies, cloud integration, and collaborative ecosystems. In an era marked by the escalating pervasiveness and sophistication of cyber threats, it becomes crucial to embark on a transformative journey toward establishing a resilient and agile enterprise. This journey requires a commitment to continuous adaptation and innovation, ensuring the perpetual improvement of security measures to adeptly counteract the ever-evolving landscape of cyber risks.

By Darren Thomson, Field CTO EMEAI, Commvault.
By Oliver Feiler, Head of Global Alliances and Strategic Partnerships EMEA, Nozomi Networks and...
By David Higgins, EMEA Technical Director at CyberArk.
By Manuel Sanchez, Information Security and Compliance Specialist, iManage.
Anita Mavridis, VP of Product at Zivver, and Sue Musumeci, Director of Quality & Clinical...
By Danny Lopez, CEO of Glasswall.
Nadir Izrael, Co-Founder and CTO at Armis discusses the importance of critical infrastructure...
By Darren Thomson, Field CTO EMEAI at Commvault.