For Kasperky’s Noushin Shabab, if unchecked, AI transcends its role as a mere accomplice in malware creation
AT THE Kaspesky Cybersecurity Week 2023, experts from the cybersecurity firm presented case after case of Artificial Intelligence (AI) being used in cybercrime in various ways.
Adrian Hia, Managing Director for Asia Pacific presented a video showing how cybercriminals used voice alteration and even deep fakes to convince a mother to release money to a person pretending to be her daughter. Although a dramatization, it mirrored an actual case that happened in China.
According to a Forbes article, written by Steve Durbin, who is Managing Director of Information Security Forum, AI can be used to enhance existing attacks, create new attacks, and automate and scale attacks. AI can also be used by cybercriminals to improve the effectiveness of traditional cyberattacks.
For instance, AI can be used to craft malicious emails that can bypass spam filters. Additionally, it can learn to spot patterns in behavior, understanding how to convince people that a video, phone call or email is legitimate and then persuading them to compromise networks and hand over sensitive data. This was the point that Hia made in his keynote–the weakest link are humans and education is the solution.
Cyber security experts at Kaspersky have unveiled a more intricate panorama, showcasing how malevolent actors can exploit intelligent systems at every phase of a sophisticated assault.
It is important to note that AI systems are not inherently malicious.
However, they can be programmed to perform malicious activities. Therefore, it is crucial to ensure that AI systems are designed with security in mind and are regularly monitored for any suspicious activities.
AI and APTs
The dialogue around manipulating ChatGPT for malicious code creation has been substantial. However, this narrative merely skims the surface of Artificial Intelligence (AI) integration into cyberattacks.
Noushin Shabab, a Senior Security Researcher for Kaspersky’s Global Research and Analysis Team (GReAT) across the Asia Pacific region.
Shabab’s illuminating discourse unearths the multifaceted role of AI, particularly in the realm of Advanced Persistent Threats (APTs), the pinnacle of intricate online onslaughts.
She paints a military tapestry of AI-powered tools that seamlessly navigate the phases of persistent threats. The fusion of AI and cyberattacks ushers in a new age of complexity, challenging cybersecurity professionals in their mission to fortify digital landscapes against the relentless evolution of threats.
The narrative takes a twist as Shabab propounds that AI transcends its role as a mere accomplice in malware creation. It infiltrates and permeates the multiple layers of a sophisticated cyberattack, as aptly explained by Shabab. Modern-day APT actors have evolved, entwining complex stratagems to elude detection and cultivating stealth methods for prolonged infiltration. This narrative amplifies the potential for AI innovation to embolden cybercriminals, right from the inception of reconnaissance to the ultimate extraction of critical data.
The very term “advanced” beckons forth an array of continuous, concealed, and sophisticated hacking maneuvers, illustrating the potential for far-reaching devastation. The essence of APT attacks is their unwavering quest for sustained access to a target system. Hackers achieve this via a meticulously choreographed sequence: reconnaissance, resource augmentation, execution, and data exfiltration.
Military tactics at work
Amidst these stages, reconnaissance stands as a pivotal phase in the APT’s life cycle. Shabab uncovers that no fewer than 14 active APT groups are navigating this landscape in the Asia Pacific. Of these, the Origami Elephant – also recognized as APT-C-35 or the DoNot team – emerges distinct for its endeavors in domain acquisition and virtual private server activities during the resource build-up. With a focus on South Asia, particularly countries like Pakistan, Bangladesh, Nepal, and Sri Lanka, this entity has honed in on government and military bodies since 2020.
Enter Lazarus, a notorious APT synonymous with cyber espionage and sabotage.
It forges its path via platforms such as LinkedIn, WhatsApp, and Telegram, whilst also exploiting vulnerabilities in WordPress sites for the deployment of malicious scripts. Shabab adeptly explores how AI’s potential in automating target identification and comprehension significantly enriches the reconnaissance phase.
By harnessing data streams from diverse sources like online databases and social media platforms, AI assists in deciphering critical information about a target’s human resources, system architecture, and application ecosystem. AI-equipped systems can even illuminate potential vulnerabilities by parsing through employee profiles, third-party affiliations, and network blueprints.
Though the involvement of AI in malware development is widely acknowledged, Shabab’s insights shed light on its role in refining attack infrastructure. This encompasses the procurement of network resources, the establishment of accounts, and the infiltration of network elements.
Intriguingly, Shabab proceeds to disclose that spear phishing retains its prime position as the preferred ingress technique for APT actors across the Asia Pacific. Among the 14 active cybercriminal groups, 10 bank on this stratagem for network breaches. Spear phishing, a strategic email-based deception, remains the launchpad for both data theft and the implantation of malware.
AI’s true prowess
AI’s true prowess unfurls during the initial access phase. It deftly crafts highly tailored phishing messages, pinpointing optimal entry points into target networks, and deftly timing attack launches by analyzing patterns in network and system activities. This strategic edge plays a significant role in circumventing security scrutiny or noisy network environments.
The narrative further delves into AI’s potential to amplify traditional brute-force attacks. By discerning probable passwords based on historical patterns, dictionaries, and past breaches, AI-driven password prediction escalates the odds of successful network penetration.
Transitioning into the execution phase, AI shines by tailoring malware behavior in response to security countermeasures. The application of AI-based obfuscation enables the creation of polymorphic malware, dynamically altering code structures to evade detection.
Execution entails AI-assisted command and scripting interpreters that scrutinize target environments, decipher system traits, and select optimal avenues for deploying malicious scripts or commands. The infusion of AI-enhanced social engineering tactics amplifies user interactions with malicious files, thus elevating the success rate of this phase.
Amidst the realms of persistence, a hallmark of APT prowess, Shabab unveils prevalent strategies in the Asia Pacific: Scheduled Task/Job and Boot or Logon Autostart Execution. AI’s prowess emerges in crafting adaptable scripts for malware execution, finely calibrated through user behavior analysis. Threat actors may even develop AI-fueled malware that dynamically recalibrates its persistence mechanisms based on the evolving target environment.
AI can drill down deep
AI-driven monitoring systems step in, tracking and recalibrating persistence strategies to obfuscate detection. The narrative takes a deeper dive as AI-guided techniques manipulate Windows Registry entries to manipulate persistence registry keys, eluding detection.
Shabab deftly navigates into the territory of data exfiltration, outlining AI’s potential in facilitating the covert and efficient extraction of pilfered data. AI’s analysis of network traffic patterns enhances integration with regular network behaviors, optimizing communication channels for data exfiltration. This strategic nuance extends to data obfuscation, compression, and encryption to seamlessly evade abnormal traffic monitoring.
In the grander scheme, Shabab’s discourse encapsulates AI’s potential to magnify the impact of attacks by augmenting the efficacy and efficiency of attacker actions.
