AI Massively Increases the Volume of Cyberattacks
Cybersecurity expert Oded Vanunu of Check Point warns that AI is increasing the number of cyberattacks rather than their quality.
Oded Vanunu is one of the world’s most renowned cybersecurity experts. In his numerous appearances at important conferences on cyber warfare, he repeatedly warns of the massive increase in cyberattacks, partly because AI makes hackers’ work easier.
Hackers are increasingly utilizing AI. Does this mean that security solutions are no longer adequate for protecting organizations?
The solutions available today for defending against cyberattacks are essentially good enough. However, with the integration of AI, the volume of cyberattacks is expected to increase. Consequently, an organization’s cybersecurity teams need to understand that they will have to defend against many more attacks than before.
How is AI altering attackers’ approaches?
From the perspective of attackers, the process typically begins with identifying a target against which a cyberattack is to be executed. Hackers collect information to capture the target’s digital footprint, encompassing the entire digital inventory including web servers, domains, users, and services. Subsequently, they develop the appropriate cyber weapons tailored to the target.
For instance, if data reveals an unpatched security vulnerability in a web server, a cyber weapon is crafted to exploit it. This weapon is designed to exploit the vulnerability and facilitate a secondary attack. Once developed, the cyber weapon undergoes testing to ensure its efficacy. Traditionally, these three milestones consume significant time and resources from a hacker’s perspective. However, with AI, these processes are largely automated, significantly easing cybercriminals’ efforts.
Thus, AI primarily amplifies the quantity rather than the quality of attacks. Does this imply that companies do not necessarily need a new defense strategy?
From a defensive standpoint, new strategies must also be driven by AI. This entails substantial investments in automating and monitoring anomalous activities. With AI, companies can swiftly gain insights into their entire digital inventory and execute automated defense procedures more effectively.
Are attack tools now readily available for purchase online?
Recent investigations have revealed the widespread availability of tools focused on generating malicious activities. These tools, found on the darknet or platforms like Telegram, concentrate on orchestrating campaigns, phishing, and domain manipulation. They leverage pre-existing models to automate the entire attack process, facilitating malicious activities. This trend indicates an impending surge in attack volume.
You mentioned that the COVID-19 pandemic has influenced hacker groups’ behavior, leading them to migrate from the dark web to platforms like Telegram. What repercussions has this shift caused?
The accessibility of attack tools has expanded, marking the advent of B2C services for cybercrime. Previously, hacking services were procured using cryptocurrencies, but today, the incentive for hackers is financial gain. Through these B2C channels, users can easily engage in malicious activities such as launching denial-of-service attacks on websites.
Does this mean that hacking is now within the realm of amateurs rather than exclusively for professionals?
Indeed, hacking activities have become more accessible to average users. In today’s digitally interconnected world, everyone possesses a profile, making individuals susceptible to various cyber threats. Consequently, there’s a heightened interest in perpetrating activities like sending fake emails and deploying malware for financial gain. These services can be easily purchased, eliminating the need for professional hacking skills.
You’ve identified numerous security vulnerabilities in major platforms like WhatsApp and Instagram. Do you believe that platform operators are somewhat negligent with their software?
Regarding software security, I believe that operators and technology providers—particularly major companies—are investing substantially in secure software. However, the primary challenge lies in addressing rampant account takeover and theft. Most operators need to enhance their efforts to promptly alert users about potential account compromises, as user dissatisfaction could lead to platform abandonment.
Encryption has been proposed as a solution. Could encrypting all communication and data mitigate these risks?
No, universal encryption isn’t a panacea. While encryption safeguards data during transmission, users often interact with clear data on platforms. Privileged users, such as administrators, are prime targets for attackers. By infiltrating these users’ devices through social media or email, attackers can circumvent encryption and access decrypted data.
In the realm of cyber offense, attacks vary in complexity, sometimes comprising multiple stages. Effective defense entails comprehensively safeguarding vulnerable points and understanding the broader threat landscape. What, in your opinion, poses the greatest risk to companies presently?
The foremost risk companies face is the anticipated surge in attack volume. Consequently, companies must recognize this threat and formulate comprehensive defense strategies accordingly.
There appears to be a glaring disparity between escalating security budgets and the success of hackers. From a company’s perspective, this could be frustrating. What recommendations do you offer to combat this frustration?
Firstly, it’s crucial to acknowledge that cyberspace represents a new frontier of warfare. Analogous to governments’ allocations for physical security, companies must continually augment their investments in cybersecurity. Although vulnerabilities may persist, technological advancements can prevent the majority of cyberattacks. Nevertheless, given the nature of this warfare, the pursuit of vulnerabilities remains a perpetual endeavor.
Oded Vanunu is Head of Products Vulnerability Research at Check Point Software. He is the author of the book Cyber and Hacking in the Worlds of Blockchain & Crypto. Oded has been involved in exposing major vulnerabilities on platforms such as Facebook, Instagram, WhatsApp, TikTok, Amazon’s Alexa, Fortnite, Atlassian, OpenSea and many others.