- The Strategist - https://www.aspistrategist.org.au -
The impact of artificial intelligence on cyber offence and defence
Posted By Jason Healey on October 18, 2023 @ 15:00

| NIST framework function | Ways AI might radically improve defence |
| --- | --- |
| Identify | – Rapid automated discovery of an organisation’s devices and software |
| | – Easier mapping of an organisation’s supply chain and its possible vulnerabilities and points of failure |
| | – Identification of software vulnerabilities at speed and scale |
| Protect | – Reduce demand for trained cyber defenders |
| | – Reduce skill levels necessary for cyber defenders |
| | – Automatically patch software and associated dependencies |
| Detect | – Rapidly spot attempted intrusions by examining data at scale and speed, with few false-positive alerts |
| Respond | – Vastly improved tracking of adversary activity by rapidly scanning logs and other behaviour |
| | – Automatic ejection of attackers, wherever found, at speed |
| | – Faster reverse-engineering and de-obfuscation, to understand how malware works to more quickly defeat and attribute it |
| | – Substantial reduction in false-positive alerts for human follow-up |
| Recover | – Automatically rebuild compromised infrastructure and restore lost data with minimum downtime |

| Phase of Cyber Kill Chain framework | Ways AI might radically improve offence |
| --- | --- |
| Reconnaissance | – Automatically find, purchase and use leaked and stolen credentials |
| | – Automatically sort to find all targets with a specific vulnerability (broad) or information on a precise target (deep; for example, an obscure posting that details a hard-coded password) |
| | – Automatically identify supply-chain or other third-party relationships that might be affected to impact the primary target |
| | – Accelerate the scale and speed at which access brokers can identify and aggregate stolen credentials |
| Weaponisation | – Automatically discover software vulnerabilities and write proof-of-concept exploits, at speed and scale |
| | – Substantially improve obfuscation, hindering reverse-engineering and attribution |
| | – Automatically write superior phishing emails, such as by reading extensive correspondence of an executive and mimicking their style |
| | – Create deepfake audio and video to impersonate senior executives in order to trick employees |
| Delivery, exploitation and installation | – Realistically interact in parallel with defenders at many organisations to convince them to install malware or do the attacker’s bidding |
| | – Generating false attack traffic to distract defenders |
| Command and control | – Faster breakout: automated privilege escalation and lateral movement |
| | – Automatic orchestration of vast numbers of compromised machines |
| | – Ability for implanted malware to act independently without having to communicate back to human handlers for instructions |
| Actions on objectives | – Automated covert exfiltration of data with a less detectable pattern |
| | – Automated processing to identify, translate and summarise data that meets specified collection requirements |

URL to article: https://www.aspistrategist.org.au/the-impact-of-artificial-intelligence-on-cyber-offence-and-defence/