Machine learning (ML) is one of the main pillars of cybersecurity. This branch of artificial intelligence (AI) is present in most solutions that guarantee data and information security. It's a technology that allows people and companies to stay safe, helping them to block threats, such as malware and phishing, and to identify vulnerabilities. But there's another side. The dark side of the force. Cybercriminals also use AI and ML to develop more advanced and efficient threats and attacks.
Generally, when we talk about artificial intelligence and machine learning, we talk about the positive side, how AI and ML can help fight cyber threats. But in this post, we'll treat the issue from another perspective: how criminals are using AI and ML to make more effective and harmful attacks, especially to companies.
Our goal is to show you that even though cybersecurity solutions are evolving, malware, ransomware, phishing and other threats are evolving as well. Using artificial intelligence and machine learning, cyber threats and their creators have found new ways to spy, sabotage, spoof, destroy and commit frauds.
How machine learning is used in cyber attacks
1. Social engineering
Social engineering is a method, a technique used by cybercriminals to deceive and persuade people so that they provide confidential information or take a specific action, such as making a wire transfer or clicking on a malicious attachment. ML leverages crooks' actions by allowing them to collect information about companies, employees, and partners more easily and quickly. That is, machine learning potentiates the attacks that use social engineering.
2. Spam, phishing and spear phishing
Spam, phishing, and spear phishing are cybercrime types that rely on human failure to be successful. That is, someone needs to be cheated. ML is often used in these cases to train artificial intelligence with the goal of creating situations similar to real ones. Example: cybercriminals may use algorithms to understand the pattern of automated emails sent from Netflix or Apple to develop fake messages that look like the real ones.
3. Spoofing and impersonation
Spoofing and impersonation are techniques, terms used to refer to scams in which cybercriminals try to impersonate a company, brand or known person. With different algorithms, hackers can analyze in details different target aspects. Imagine that a hacker wants to impersonate your CEO to send you malicious emails. So he uses algorithms to understand how your CEO writes, using posts and articles from social networks. ML and AI can help create fake texts, fake videos, and even fake voices.
4. Ransomware, trojan, spyware and other malware
At some point, many cyber attacks use some form of malware, such as ransomware, trojan or spyware. Most malware infections occur by email and use attachments and malicious links. AI and ML have been used by hackers for the development of increasingly clever malware. There are malware capable of adapting to protection systems. This is what we call evasion techniques used by malware. In the end, we can say that it’s a struggle between bad machine learning versus good machine learning.
5. Vulnerability discovery
Artificial intelligence, machine learning, and its algorithms have been increasingly employed in the discovery of vulnerabilities in software and systems. Vulnerabilities are errors and bugs that allow applications to be hacked. AI and ML help to identify these errors and bugs more quickly and easily. In the past, for example, an error could be identified within weeks. Today the same error could be identified in minutes, depending on the case. The problem is when these errors are used for dark purposes.
6. Captchas and passwords
Machine learning algorithms can be used by cybercriminals in cases of violation of captchas and passwords. In the case of captchas, ML allows the criminals to train their bot (or robot) to overcome some protection barriers. Likewise, ML helps crooks in cases of brute-force attacks for the discovery of passwords and credentials.
7. Bots and automation
Several parts and phases of an attack can be automated with the help of machine learning. Imagine that a hacker created a phishing email. He needs to send the email in small quantities to certain groups each time. Algorithms can help him with this. DDoS attacks, which use botnets or zombie machines, often involve the use of algorithms to coordinate attacks and make them more lethal.
We don't write this article to discourage anyone or propagate fear. It's just important for people to know that machine learning and artificial intelligence are also used by cybercriminals. Despite all this, ML and AI stand out today as one of the main solutions to block threats and attacks. They’re technologies that really have to do with data and information security.
Here at Gatefy, for example, our algorithms play a key role in our clients' security. They help us predict, identify and block malicious emails, which means fighting malware, phishing, spam, and other attacks. So we have been investing heavily in creating sophisticated AI and ML. The goal is always to be ahead of the criminals. That’s the game.