Hackers are using AI for cyberattack campaigns

There have been reports of users tricking ChatGPT into writing malware, but according to Kaspersky, the use of artificial intelligence (AI) in cyberattacks has come a long way.

AI can support highly sophisticated and targeted online attacks, also known as Advanced Persistent Threats (APTs), said Noushin Shabab, a researcher with Kaspersky’s GReAT Asia- Pacific (APAC) team. In addition to developing malware, AI can be used in various stages of cyberattacks.

APT attacks use persistent, covert, and sophisticated hacking techniques to gain access to a system and persist there for an extended period of time. Hackers do this through a series of stages from reconnaissance, resource development, execution, and data theft.

AI can help attackers find and understand potential targets by automatically analyzing data from multiple sources such as online databases and social media platforms, as well as gathering information about the target’s personnel, systems, and applications used within the company, Shabab said. These systems can even detect weaknesses from detailed assessments of a company’s employees, third-party relationships, and network architecture.

Kaspersky experts say that email and social media phishing remain the preferred techniques for APT groups in APAC, with 10 out of 14 groups using this tactic to break into target networks. AI can help create personalized, highly convincing phishing messages. These smart machines can also be trained to find the best entry point into a target network and choose the best time to launch an attack.

AI can also be used for brute-force attacks by trying out likely passwords. By analyzing user behavior, social media activity, and personal information, AI algorithms can make educated guesses about passwords, increasing the chances of successful access.

During the execution phase, AI can modify the behavior and adaptability of malware to counter security measures. AI can also mutate malware by changing the structure of its code to avoid detection by security tools. AI-driven social engineering tactics can also increase the likelihood of users interacting with malicious files and the likelihood of success.

In the persistence phase, AI can generate the most appropriate script to launch malware based on user behavior analysis. AI-driven surveillance mechanisms can also track system changes and adjust evasion tactics accordingly. AI-powered techniques can manipulate Windows Registry entries to update registry keys and avoid detection.

AI can help cybercriminals steal data more stealthily and efficiently, Kaspersky experts say. Artificial intelligence can help hackers analyze network traffic to better match common behaviors and determine the most suitable communication channel to steal data from each victim. The technology can even optimize the obfuscation, compression, and encryption of stolen data to avoid detection of unusual traffic.

Shabab believes that four elements are needed to strengthen the defenses of businesses and organizations against AI-powered APT attacks. The first is to deploy security solutions that use advanced methods to monitor user and system behavior to identify deviations from normal patterns that could signal malicious cybercriminal activity. The second is to keep software, applications, and operating systems up to date to minimize vulnerabilities that attackers can exploit.