TT06 Security Intelligence

Cyberattacks will further intensify, causing leaks of highly valuable information and broadening accessible targets. The industrialization of cyberattacks has also progressed. Advanced technologies, including AI, to counter intensifying attacks are imperative, and ensuring the proper use of technology and the accumulation of information vital for cyber defense is required.

Expansion of Cyberattack Targets

Targets of cyberattacks are continuing to expand from individuals and organizations to critical infrastructure. Even essential infrastructure such as power grids and factory control systems is now connected to the internet for remote management and control of equipment and devices. This means that cyberattackers have access to this infrastructure. Major cyberattacks are occurring throughout the world. For example, the large-scale blackout in Ukraine, the failure of the railway operation system in Sweden, and other attacks have panicked citizens and inflicted heavy damage on the economic activity of organizations.

An increase in the number of IoT devices is also helping to expand the range of cyberattacks. In fact, many IoT devices still do not have adequate cybersecurity measures in place, presenting an easy point of entry. In particular, cars are now connected to more external networks than ever, such as for wireless updates of built-in firmware and automatic emergency notification systems. This might pose a risk to human lives. A technique was presented at a recent international conference that exploited the vulnerability of auto navigational systems to rewrite the built-in firmware and remotely control the vehicle.¹ To address issues such as these, in August 2017 Great Britain announced new guidelines² for cybersecurity of connected cars. Other countries are also forging ahead with their own cybersecurity plans and regulations.

1 The demonstration took place at a Black Hat global international security event
2 Principles of cyber security for connected and automated vehicles

Diversified Cyberattack Techniques

The year 2017 was the year of ransomware. Ransomware is also called ransom-demanding malware because it encrypts the data on an infected personal computer and demands a ransom in exchange for the recovery of the data. Armed with a cyber-weapon that can infect another computer automatically, ransomware went on a rampage in May of last year, infecting over 300,000 computers in more than 150 countries. Attacks targeting system vulnerabilities also show no sign of ending. In the United States in September 2017, personal information such as the social security numbers of more than 100 million people was made public, sending shock waves throughout the country.

Attackers are also threatening society in a variety of other ways. The damage from business email compromise, in which the sender pretends to be a business contact or a member of management and falsely instructs the recipient to send money, reached approximately $5.3 billion between October 2013 and December 2016. A more recent phenomenon is called cryptojacking, in which the attacker uses the computing power of a device they have compromised, without authorization, to mine virtual currencies.

One of the factors that has accelerated cyberattacks is the use of AI. For instance, one presentation at a 2017 international hacker conference³ demonstrated malware that repeatedly learned how to avoid security software. AI can also be misused in many other ways, including the automatic generation of malware, the discovery of attack techniques, the exploration of targets, and the mass generation of spam mail with ingenious texts that are difficult to authenticate.

Cyberattacks are themselves becoming a booming industry. An ecosystem of evil has been formed in which individuals, organizations and services with specific expertise cooperate to plan and implement profitable attacks. These include companies that provide attacks as a service, organizations that create malware, and service companies that study vulnerabilities. Given such a successful hacker alliance, their power is expected to continue to increase.

Since it is difficult to verify the effectiveness of cybersecurity measures, they have often been placed on the back burner in the past. However, once an attack hits, the damage is often enormous, including the labor incurred for recovery, compensation to the parties involved, and the loss of brand and social equity. Organizations and companies must realize that it is time to seriously include cybersecurity as a management strategy.

3 DEF CON® 25 Hacking Conference

Dynamic Protection Using Advanced Technologies

As the threat of cyberattacks multiplies, organizations and companies must fundamentally increase defensive readiness. These plans must include multiple security countermeasures and defense in depth. Part of this multilayered defense can include the use of AI at a variety of locations, such as endpoints (network boundaries, terminals, etc.) and the data managed in terminals. For example, AI can learn communication patterns and normal operating conditions. When suspicious behavior is confirmed, the AI will issue a security alert and begin a quarantine process by shutting off network connections to curtail a suspicious process. More powerful antivirus software has also emerged that can detect unknown malware by having AI learn its characteristic behaviors.
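An added example (not from the original article) of the learn, alert, quarantine flow described above, with a per-peer statistical baseline standing in for a trained model. Host names, flow records and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flows: (source host, destination, port, bytes sent).
TRAINING = [
    ("hmi-01", "plc-01", 502, 310), ("hmi-01", "plc-01", 502, 295),
    ("hmi-01", "plc-01", 502, 305), ("hmi-01", "historian", 443, 1200),
    ("hmi-01", "historian", 443, 1150), ("ws-07", "mail", 587, 5000),
    ("ws-07", "mail", 587, 5600), ("ws-07", "intranet", 443, 2100),
]
LIVE = [
    ("hmi-01", "plc-01", 502, 300),          # matches baseline
    ("hmi-01", "203.0.113.50", 4444, 900),   # never-seen peer
    ("hmi-01", "historian", 443, 250000),    # volume far above normal
    ("ws-07", "mail", 587, 5300),            # matches baseline
    ("ws-07", "fileshare", 445, 2000),       # one new peer only
]

def learn_baseline(flows):
    """Map each (host, dst, port) seen in training to (mean, stdev) of bytes."""
    sizes = defaultdict(list)
    for host, dst, port, nbytes in flows:
        sizes[(host, dst, port)].append(nbytes)
    return {key: (mean(v), pstdev(v)) for key, v in sizes.items()}

def anomalies(flow, baseline, k=4.0, floor=50.0):
    """Return the reasons a flow deviates from the learned baseline."""
    host, dst, port, nbytes = flow
    stats = baseline.get((host, dst, port))
    if stats is None:
        return ["new-peer"]
    mu, sigma = stats
    # floor keeps a near-constant baseline from flagging tiny deviations
    if abs(nbytes - mu) > k * max(sigma, floor):
        return ["volume"]
    return []

def triage(live, baseline, confirm=2):
    """One anomaly raises an alert; `confirm` or more mark the host for quarantine."""
    hits = defaultdict(list)
    for flow in live:
        hits[flow[0]].extend(anomalies(flow, baseline))
    # "quarantine" is only the decision; cutting the host's network
    # connections is left to whatever enforcement tooling is in place.
    return {h: ("quarantine" if len(r) >= confirm else "alert")
            for h, r in hits.items() if r}

if __name__ == "__main__":
    print(triage(LIVE, learn_baseline(TRAINING)))
```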

AI is also being used in determining system vulnerability to cyberattacks. Such tests can establish whether or not the code is susceptible to a wide variety of vulnerabilities previously overlooked. Of course, security countermeasures are advancing outside of the AI field as well. Two examples include security chips that verify whether firmware has been manipulated before starting the OS, and remote forensics to identify the cause of infection and provide rapid recovery.

In addition to cybersecurity measures to protect products in operation, adding built-in defenses for future products has become an important trend. Security by design is a development process in which security requirements of products connected to the internet are clearly identified in the planning and design phases, and countermeasures to improve security further are examined. This method is a widely adopted concept in IT, and it will be an essential one for the development of IoT devices in the future.

Intelligence Being Sought

A group of experts called the Computer Security Incident Response Team (CSIRT) within many organizations is now responsible for the analysis and response to threat information. These efforts include responses when a vulnerability has been discovered, and management and decision-making after an incident occurs. However, the CSIRT receives countless alerts and threat information on a daily basis, which makes it difficult to prioritize and effectively respond. As a result, it is necessary to create an environment in which an AI-enabled machine handles certain kinds of threats while experts concentrate on the most dangerous ones.

In the past, much of the threat information was in natural language, and interpretation by humans was required. However, AI is now able to analyze security-related reports, blog posts and attack notices and present its insights to experts. In addition, AI systems that make decisions like experts are being adopted in the field. These systems learn each behavior and decision made by experts, including how they responded to past problems and acted against threat information once verified. This is enabling AI to build a 24/7 defensive environment.

As AI becomes integral to both cyberattacks and defense, battles in cyberspace will be transformed into AI versus AI combat. In such a world, the defense side must work together to collect the latest threat information and gather the means and approaches toward the development and growth of more robust AI. The sharing of intelligence beyond the boundaries of company and nation, and the establishment of a system that applies this acquired intelligence to defense are what is required for a cyber-safe future.
