How AI shapes cybersecurity: Artificially intelligent cybercrime

Power of AI in cyber defence

How does AI enhance cybersecurity? In truth, AI has become an indispensable ally in the fight against cyber threats. Here are a few ways how:

1. Advanced threat detection:

AI can process vast amounts of data in real time, identifying patterns and anomalies that signal potential threats. By analysing network traffic, user behaviour, and system logs, AI systems can detect unusual activities that may indicate a cyberattack. AI models are trained on diverse datasets and telemetry, allowing them to recognise both known and novel threats. This ability to deeply analyse threats helps in identifying zero-day attacks, which are new threats exploiting previously unknown vulnerabilities.

2. Threat intelligence and analysis:

Large Language Models (LLMs) can distill complex threat information into easily understandable insights. These models can analyse vast repositories of threat data, summarising the latest trends, tactics, and techniques used by cybercriminals. By automating the analysis of threat reports, AI helps cybersecurity teams stay updated without sifting through extensive documents. This speeds up the decision-making process, and enhances the overall response strategy.

3. In-product AI assistants:

AI-powered assistants can help optimise system configurations, ensuring that security solutions are set up correctly. These assistants can guide users through best practices, recommend setting adjustments, and provide real-time feedback on detections, for example. They can also monitor the system continuously, alerting to any misconfigurations or deviations from standard security protocols. This minimises the risk of human error, which is a common entry point for attackers.

4. AI-augmented sandboxes:

By using AI to analyse behaviour in sandbox environments, security teams can gain deeper insights into how malware operates. AI can detect subtle changes in behavior patterns that may indicate malicious intent, even if the malware is designed to evade traditional sandbox detection. This detailed analysis helps in creating more effective signatures and heuristics for future detections, enhancing the organisation's ability to prevent similar attacks.

5. Improved anti-spam and anti-phishing measures:

AI can learn from previous email communications to detect anomalies that may indicate phishing attempts. By analysing email headers, content, and sender behaviour, AI can identify suspicious emails, and flag them before they reach the inbox. Nowadays, AI is even able to understand the context and intent behind messages, improving the detection of sophisticated phishing attempts that use social engineering tactics.

ESET’s journey with AI

How does ESET leverage AI to keep you safe? Take a look at the timeline to see our progress.

The dark side of AI: Advanced cybercrime

Of course, cybersecurity experts aren’t the only ones who are aware of the possibilities that AI offers. Artificial intelligence has become sort of a double agent, helping both the good and the bad guys. But how do cybercriminals use AI to achieve their malicious goals?

• Creating malware: Generative AI in the form of “dark LLMs,” for example, can be used to write malware. This AI-generated malware can learn from existing defences, and adapt to bypass them, making them highly effective and difficult to counter. At the same time, these tools could serve as on-ramps for cybercrime novices, helping them conduct attacks with an increasing cadence, thanks to AI helping with coding.
• Enhancing phishing attacks: AI can improve the quality and credibility of phishing emails, making them more convincing and harder to detect. AI algorithms can personalise phishing attempts by analysing the target’s online behaviour, and crafting messages that are more likely to deceive. Similarly, disinformation campaigns with deepfake photos or videos are now much easier for criminals to craft.
• Automating attacks: AI can streamline the process of identifying and exploiting vulnerabilities. Automated tools powered by AI can scan for weaknesses continuously, and launch attacks at scale, increasing the efficiency and frequency of cyberattacks.

Harnessing AI and Human Expertise:

Threat actors may come up with more elaborate ways to employ AI – for instance, to improve victim selection, or to imitate other threat actors’ typical campaigns to evade getting accurately identified and arrested. AI will continue to evolve, and so will its utilisation. That’s why prevention is more critical than ever. Regular training, updated security measures, and the use of reliable security software that leverages AI to keep cybercrime from harming your company are essential to maintaining a healthy cybersecurity posture in the age of AI.

For IT administrators, navigating the protection landscape involves a synergy between human intelligence and artificial intelligence. AI can assist in identifying patterns and anomalies that might be missed by human eyes, but it is the IT experts who interpret these findings, and take appropriate action. By combining the strengths of AI and the expertise of IT professionals, organisations can stay ahead of cybercriminals.