RHC Editorial Staff: July 3, 2024 09:16
The point of view of Umberto Pirovano, Senior Manager Systems Engineering at Palo Alto Networks: How Cybersecurity is Changing in the Short, Medium and Long Term
When discussing the role of AI in cybersecurity, it is essential to first consider the short-term impacts, because they are the most obvious and because this is uncharted territory that requires the ability to go beyond the immediate hype. For this reason, AI is expected to play a crucial role in large-scale disinformation campaigns on social media platforms. These campaigns can occur before, during, and after major global events, such as geopolitical conflicts and elections, that challenge trust in the ability to verify facts. Although hard evidence is lacking, open-source intelligence suggests a growing trend of AI being used in disinformation campaigns.
Darrell West, a senior fellow at the Brookings Institution’s Center for Technology Innovation, recently warned about the potential impact of this use case, saying that “there will be a tsunami of misinformation in the upcoming election; basically anyone can use AI to create fake video and audio, and it will be nearly impossible to distinguish the real from the fake.”
Support Red Hot Cyber through
This is echoed by the creation of deepfakes. While not directly linked to traditional cybersecurity, deepfakes are starting to be combined with social engineering attacks. This intersection of technology and manipulation is a source of concern for security professionals, especially as algorithms become increasingly refined to bypass traditional defenses that are unable to counter the most sophisticated attacks.
Medium-term impacts – More effective tools
In the medium term, we expect threat actors to further refine their tools with AI. For example, they could train AI models to identify a company’s Internet-exposed assets with their respective services running to help identify vulnerabilities potentially present.
We expect the threat to continue to grow in sophistication, with generative AI increasingly being used by cybercriminals to elevate their skills. It is important to note that these technologies, such as language models, are currently being used to support existing operations, but have not yet been fully utilized to create malware or conduct malicious campaigns at scale.
However, these technologies will most likely be used to improve attacks in the near future, for example to optimize and refine the texts of spear phishing emails, which could become more convincing thanks to the use of correct geographical references, jargon and grammatically accurate text even to address native speakers.
Additionally, we can expect the potential near-term use of generative AI for reconnaissance purposes, to gather information about specific, pre-compromise victims, such as netblock ranges, open services/ports, and even assist in vulnerability scanning.
Long-Term Impacts – AI-Powered Safety Co-Pilots
Looking ahead, we foresee threat actors developing their own AI-powered security co-pilots. These co-pilots could assist attackers in different stages of the attack chain, such as lateral movement and privilege escalation within compromised environments. While this concept is not yet a fully realized reality, there is growing attention and discussion on underground forums and social networks about how attackers can leverage AI technology.
AI and the Future of Cybersecurity
In short, AI is set to play an increasingly significant role in cybersecurity. As the technology evolves, it is likely to change the very way security professionals and SOC personnel approach their roles. While in the short term we can expect its use for disinformation campaigns and deepfakes, medium-term developments will focus on refining tools across the attack chain, such as reconnaissance and spear phishing. Finally, in the long term, we may see the emergence of AI-powered security co-pilots, used to make malicious activity even more effective.
All of this underscores the need for security professionals to remain vigilant and adapt to the evolving threat landscape. As the cybersecurity industry continues to evolve, it is clear that AI will be a driving force in both defensive and offensive strategies. Businesses and security leaders are tasked with staying informed, constantly adapting their defenses, and being prepared to effectively counter AI-fueled threats.
The Red Hot Cyber editorial team is made up of a group of individuals and anonymous sources who actively collaborate by providing preview information and news on cybersecurity and IT in general.
