Kaspersky experts say cybercriminals are using AI in stages of targeted attacks.
There are many reports that users can trick ChatGPT into writing malware. However, according to Kaspersky, the state of applying artificial intelligence (AI) in cyberattacks has gone a long way.
According to Noushin Shabab, a researcher with Kaspersky’s GReAT Asia-Pacific (APAC) team, AI can support a targeted and highly sophisticated online attack, also known as APT ( Advanced Persistent Threats). In addition to developing malware, AI can also be used in various stages of cyber attacks.
APT attacks use persistent, secretive, and sophisticated hacking techniques to gain access to the system and stay in it for a long time. Hackers do this through a series of stages from exploration, resource development, execution, and data theft.
Shabab said AI can help attackers find and understand potential targets by automatically analyzing data from multiple sources such as online databases and social media platforms, as well as collecting data from other sources. Collect information about the target’s personnel, systems, and applications used in the company. These systems can even uncover weaknesses from detailed employee reviews, third-party relationships, and the company’s network architecture.
An expert from Kaspersky said that phishing via email or social media is still a technique favored by APT groups in APAC, with up to 10/14 groups using this tactic to break into the target network. AI can help create personalized, persuasive phishing messages. These intelligent machines can also be trained to find the best entry point into the target network and choose the best time to launch an attack.
Artificial intelligence can also be used for a brute-force attack by trying a likely password. By analyzing user behavior, social media activity, and personal information, AI algorithms can make well-founded guesses about passwords, increasing the chances of successful access.
During the execution phase, the AI can adjust the malware’s behavior and adaptability in response to security measures. AI can also make malware mutate by changing the structure of the code to avoid detection by security tools. AI-driven non-technical attack tactics can also increase the likelihood of users interacting with malicious files and the likelihood of success.
At the survival stage, the AI can generate the most suitable script to launch malware based on user behavior analysis. AI-driven surveillance mechanisms can also monitor system changes and adapt “hide” tactics accordingly. Techniques used by AI can manipulate Windows Registry entries to update registry keys and avoid detection.
An expert from Kaspersky said that AI can help cybercriminals steal data more stealthily and effectively. Artificial intelligence can help hackers analyze network traffic to coordinate well with normal behaviors and determine the most suitable communication channel to steal each victim’s data. The technology can even optimize the cloaking, compression, and encryption of stolen data to avoid detection of anomalous traffic.
To strengthen the defenses of businesses and organizations against AI-powered APT attacks, Shabab says four factors are needed. The first is to deploy security solutions that use advanced methods to monitor user and system behavior, thereby identifying deviations from conventional models, potentially signaling potential threats. malicious activity of cybercriminals. The next is to keep software, applications, and operating systems up to date to minimize vulnerabilities that attackers can exploit