IT security is one of the areas that is currently being changed by AI. On the one hand, AI helps criminals make attacks more efficient, sophisticated, scalable and evade detection. On the other hand, security departments and law enforcement agencies receive new tools to detect and attribute illegal activities more effectively.
Cisco Talos analyzed the current state of this race and found the following trends:
Increasing danger
Thanks to AI, cybercriminals need fewer and fewer people and knowledge for attacks and software development. This lowers barriers to entry, increasing the number of criminals and attacks, as well as the risk of detection when hiring accomplices in dark web forums. AI can analyze enormous amounts of data to identify weak points or worthwhile targets. This enables more effective attacks. More sophisticated attack methods include realistic audio and video deepfakes, large-scale disinformation campaigns, AI-driven bots, and credible fraudulent websites, phishing emails, and social media profiles. AI-driven development kits create adaptive malware that evades detection by security solutions. For example, it can change its processes depending on the environment.
AI can also be used to ensure that attacks only occur when the target is active. Until then, the malware hides in legitimate applications to avoid detection.
Improved security
ML and AI can detect unknown threats more precisely and effectively. For example, Cisco Secure Endpoint and Cisco Umbrella automatically detect and mitigate suspicious behavior on end hosts and networks. Analyzing large amounts of data also benefits security. It shortens response times to attacks and improves forensics. AI makes it easier for law enforcement agencies to attribute criminal activity to known groups. This provides insight into the attackers' motives and capabilities, as well as their tactics and possible future threats. Cisco Talos has been using machine learning, a subcategory of AI, to automate threat analysis for years. This includes classifying similarly designed websites and phishing emails, identifying spoofing attempts, analyzing binary similarities, and clustering to detect and filter new, previously unknown attack patterns in large amounts of data.
AI can be used to perform predictive analysis to predict potential cyber threats based on historical data and patterns. Companies can then patch vulnerabilities before they are exploited.
About Cisco Cisco is the world's leading technology company that makes the Internet possible. Cisco is opening new possibilities for applications, data security, infrastructure transformation and the empowerment of teams for a global and inclusive future.