Securing IoT Part V: Artificial Intelligence

January 28, 2021

Artificial intelligence is a powerful data analytics tool that unfortunately aids cybercriminals as well as cybersecurity personnel.

AI in Cyberattacks

AI assists cybercriminals in planning and executing attacks.

Information Gathering
Information gathering is used by cybercriminals to increase the success of attacks. For example, hackers may use algorithms to identify potential targets for phishing scams. AI can scan social media for an individual’s interests or shopping habits to determine the best spoof advertisements to catch their attention. A hacker could also use AI to gather information on a network’s security configuration. With probing attacks, AI will analyze the network’s response and identify weaknesses the hacker can exploit.

Impersonation is when a hacker pretends to be a person or service that they are not. This may take the form of spam emails, social media phishing or spoof texts and voicemail. In these instances, AI will analyze company email, social media, or phone messages and generate false imitations that an employee or follower could fall for.

Unauthorized Access
Unauthorized access involves situations where hackers force their way through security gates. For example, AI can use image recognition to solve captcha tests or generate enough educated guesses to discover login passwords.

Hackers use AI to generate inputs for crashing applications or services and to manipulate known malware to get it through security systems.

AI in Cybersecurity

AI aids IT security teams by managing cybersecurity tools and threat response.

Threat Anticipation
By mining the web and gathering data from sources like social media and news sites, AI works to predict possible future attacks and applies that information to threat identification.

Threat Identification
Possible errors in searching for cyberthreats include false positives and negatives, where a non-threatening element is flagged or a valid threat isn’t recognized. AI’s ability to quickly process data and learn from calculations allows it to identify fewer false positive and negatives than a human team working on their own.

Malware identification methods often use known virus signatures, which allows new viruses with unknown signatures to slip through. However, AI’s behavior analyses provide a greater likelihood of identifying and preventing breaches from new viruses without signature knowledge.

Incident Response
When a data breach occurs, AI identifies the attack in real-time and sends alerts to IT security. It automatically shuts down processes and prevents the spread of the attack, acting much faster than a human team could. AI is also a valuable tool in analyzing vast amounts of data following an attack to aid IT teams in identifying weaknesses and preventing future breaches. AI also assists in recovering systems affected by attack.

As such a powerful tool, AI appears to be the future of cybersecurity, for both the villains and the heroes.

>>>Read Securing IoT Part IV: Humans