IT security company Webroot, in its Quarterly Threat Trends Survey, pointed out that 86% of security professionals are concerned that artificial intelligence (AI) and machine learning (ML) could be used against them. History tells us that for every game-changing innovation, there are numerous ways to exploit and misuse them. AI and Cybersecurity provide many benefits, but there are also unintended consequences on society.
We dive into the shadowy world of weaponized AI and ML to find out how we can prevent cyber attacks.
What Exactly is Artificial Intelligence?
Artificial intelligence is the simulation of human intelligence that computer systems and machines process. It is able to do human tasks like speech recognition, translation, visual perception, and even decision-making, among others. AI is in everywhere, from chatbots telling you the weather, Siri or Alexa converting voice commands to search results. There are self-driving cars, and Netflix recommending movies and shows through your previous selections. IBM’s Watson has the ability to diagnose cancer and even beat human contestants on Jeopardy, for example. AI essentially works like a human brain that thinks with minimal human intervention. Ultimately, it can make decisions based on complex situations to make human lives better and easier.
AI in Nefarious Hands
AI and ML are being used for social engineering. Hackers use it to infiltrate the public domain. They mine large databases and get into social media accounts to extract personal information. Furthermore, hackers can monitor emails, text messages, and social media activity through phishing.
In 2016, two data scientists conducted a phishing experiment on twitter to see which could obtain information faster—humans or artificial intelligence. The AI, called SNAP_R, sent phishing tweets to more than 800 users at a rate of 6.75 tweets a minute and lured 275 victims. In contrast, the human participant sent only 1.075 tweets per minute, making 129 attempts, and luring just 49 victims.
How do Hackers Weaponize AI?
Sentient robots taking over the world is the least of humanity’s concerns. Today, we have augmented reality, an application of artificial intelligence. This technology uses facial mapping and AI to make an existing video of a person say something completely different. For example, hackers could use this technology to hijack a video of a politician or a celebrity to make them behave a certain way. This ultimately empowers hackers to impersonate people for ‘deepfake’ videos that propagate fabricated news. The US government fears this will happen soon, and is exploring ways on how to detect fake images and videos.
Hackers continually create malware that mutate and avoid detection. Some computers and networks are not able to identify these malware and prevent phishing. Because of this, some can gain access to your cloud accounts and leak personal information or steal your identity. AI can also use a multiplier effect to a malicious campaign by making the process faster and easier, and increase the number of targets.
Hackers could also use AI to remotely control autonomous weapons like drones and target certain individuals by facial recognition.
The stock market is a target for manipulation, especially that there are only a small number of highly influential stock market analysts. Hackers may bloat specific stocks, therefore letting analysts think and decide differently based on the existing market. They then can make strategic buys or sells based on these AI-manipulated stocks.
And as artificial intelligence could require input from different devices, it could benefit from the prevalence of IoT, or the Internet of Things. AI can creep inside your mobile accounts and manage other accounts and devices—from banking, using your Facebook to phish, and even opening the automatic locks of your house.
How We Can Combat Cyber Attacks
Hal Lonas, Webroot’s CTO, suggested a handful of actions we must take to stop cyber attacks from happening:
1. Have a contextual view of threats
Organizations must have a complete understanding of the threats they receive so they can generate an accurate assessment of their cybersecurity. From there, they can make broad and specific plans that can be realistically executed.
2. Hire and develop AI and ML learning experts
Human intelligence will have to train machines to distinguish good from bad and flag unknown threats.
3. Learn to use automation to your advantage
Cyber criminals are continually developing new threats. And as they continue to innovate, companies need to be more creative in addressing these looming threats. They can deploy AI to solve smaller and simpler problems so human experts can put more effort into solving much bigger problems.
4. Develop your own brand of defensive AI
These AI measures must be better at detecting patterns, and predicting anomalies and social engineering attacks to protect the public’s privacy. The stronger the AI measures for cybersecurity, the safer people are from cyber crimes.
5. Be careful with links
Be wary of messages sent from suspicious email addresses. Don’t click links from these strangers as these links could be phishing for your personal information. Similarly, take advantage of browsers like Chrome that indicate if a website is safe to visit. A legitimate website would have an Extended Validation certificate, and if not, the browser will also let you know if the site is not safe to visit.
6. Make passwords a priority
Change your passwords every few months. Also, make sure these passwords are not easy to guess and have a different one for each online account. You may also use password management services like LastPass to safely log in to any of your saved accounts.
7. Use antivirus software
Use one of the many paid and free software for your personal computers. If in case you clicked or downloaded something from a questionable source, an antivirus software acts as another layer of protection.
There are a lot of innovations being developed that can be used against us. Hackers are always capitalizing on artificial intelligence to steal and profit from our personal information. However, we must constantly commit to shield ourselves from cyber harm as much as we physically protect ourselves from robbery. Social engineering will only cripple us if we fail to do our due diligence and prepare for any kind of attack.
Sources: Quarterly Threat Trends Survey, https://www.webroot.com