As cyber threats continue to evolve, businesses must adapt their cybersecurity strategies to protect against increasingly sophisticated attacks. During the Kaspersky Asia Pacific Cybersecurity Weekend 2024, held in Negombo, Sri Lanka, from August 4 to 6, 2024, I had the opportunity to speak with Igor Kuznetsov, Director of the Global Research & Analysis Team (GReAT) at Kaspersky, about the evolving threats and defenses in the ever-changing cybersecurity landscape.
Offensive AI represents a cutting-edge form of cyber-attack that leverages machine learning algorithms to craft highly sophisticated and targeted assaults. By automating the attack process, this technology enhances both the efficiency and effectiveness of cyber-attacks. Offensive AI has the potential to target not just individuals, but also organizations and even entire nations.
The Role of Threat Intelligence & Emerging Cybersecurity Threats
According to Kuznetsov, for companies with mature security postures, acquiring threat intelligence from professional vendors has become a standard practice. However, not every organization can afford these resources, especially smaller enterprises. The challenge lies in aggregating and analyzing vast amounts of open-source information, which requires significant effort and expertise. An emerging concern is the exploitation of supply chains and trusted relationships.
“Right now, we see an emerging rise (of concerns) in the supply chain and exploitation of trusted relationships, and this is also related to local data leaks. Every data leak contains some information that can be used to infiltrate companies,” Kuznetsov said. These types of attacks involve infiltrating smaller suppliers to gain access to larger, more valuable targets, such as government organizations or major corporations. Kuznetsov also warned about the evolving tactics of ransomware groups, particularly their use of zero-day vulnerabilities that allow attackers to bypass traditional security measures. This underscores the need for a multi-layered security strategy.
Kaspersky’s Insights on Offensive AI
Kaspersky has been vocal about the potential offensive applications of Artificial Intelligence (AI) by cybercriminals. As AI systems become more advanced and accessible, they present new opportunities for adversaries to launch sophisticated attacks. Cybercriminals can use AI to automate attack processes, enhance social engineering tactics, and exploit AI vulnerabilities.
One significant concern is the use of AI for writing malicious software and automating attacks against multiple users. For example, AI programs can log users’ smartphone inputs by analyzing acceleration sensor data, potentially capturing sensitive information such as passwords and bank codes. In addition, Kaspersky’s research revealed that AI could significantly speed up password-cracking efforts. In a recent study, Kaspersky found that 78% of passwords could be cracked using an AI-trained language model, three times faster than traditional brute-force methods.
AI also poses a significant threat in the realm of social engineering. Large language models like GPT-4 can generate highly convincing phishing messages, overcoming language barriers and creating personalized emails based on user’s social media information. Deepfake technology further complicates the landscape, enabling criminals to impersonate individuals in audio and video, leading to significant financial losses through scams and fraudulent transactions.
The Importance of a Comprehensive Cybersecurity Strategy
One of the most common mistakes organizations make is failing to have a cybersecurity strategy at all. Kuznetsov emphasized the importance of threat modeling, which involves understanding who might want to attack the organization and why. This knowledge is crucial for building appropriate defenses. For businesses lacking in-house expertise, Kuznetsov recommended consulting with professionals to develop a robust cybersecurity strategy.
In response to the rising threat of AI-enabled attacks, Kaspersky has been proactive in using AI technologies to protect its customers. The company employs various AI models to detect threats and continuously researches AI vulnerabilities to make its technologies more resistant. Kaspersky also actively studies different harmful techniques to provide reliable protection against offensive AI.
Responding to Cybersecurity Incidents & Preparing for the Future
The Philippines tops the list of the most attacked countries in the Asia Pacific region, with 39.4% of Kaspersky users affected by online threats from January to July 2024. Globally, the Philippines ranks ninth, according to the cybersecurity firm.
When a cybersecurity incident occurs, Kuznetsov’s first piece of advice is to involve professionals, whether internal or external. However, they cautioned that if an organization is not well-prepared, there may not be enough evidence to investigate the incident properly. Preparation is key to handling incidents effectively and preserving crucial evidence.
As AI continues to integrate into everyday life through products like Apple Intelligence, Google Gemini, and Microsoft Copilot, addressing AI vulnerabilities becomes increasingly crucial. Kaspersky’s experience underscores the importance of having a multi-layered security approach, continuous learning, and proactive research to stay ahead of emerging threats.