Even though experts say that technology will make the world a better place, many believe that one-day technology would reach such a level that it might turn the table. It’s been decades and the debate is still one— who is better, machines or humans?
Today, with the advent of some of the most advanced techs — artificial intelligence (AI), IoT, ML etc., the world is witnessing a tremendous wave of innovations. However, the wave is not only about the innovations for the good, but there are also things that have emerged as threats for people as well as for companies all across the world.
How AI & ML Has Turned The Table
Over the years, AI has evolved significantly, and at present, it is used in several verticals. And with each innovation in technology comes the reality that AI and ML gradually have found their way out and now they’re increasingly being weaponized. For instance, hackers can make a phone number look like it’s coming from your home area code and trick your firewall like a machine learning Trojan horse. The level of sophisticated hacking is taking a whole new turn.
Technology is completely unbiased and even though the latest techs such as AI and ML are considered a force for good, in the hands of wrongdoers, these technologies can create some serious damage. So, should we get worried about this? Or just sit and watch these techs heading toward a future where they will battle it out with each other?
The Advent Of Adversarial Use Of AI and ML
There was a time when penetration testing was completely manual — pen testers would manually look for loopholes and vulnerabilities in software/applications. However, AI and ML gradually entered the space of penetration testing and made things automated. And with time, automated penetration testing came into the mainstream.
The main reason behind using automated tools is that AI and ML are very powerful technologies for security. While manual or rule-based tools are rigid, AI and ML models powered tools are dynamic that boosts up the process of finding vulnerabilities and loopholes. These models are built with a deep neural network (DNNs) that can make the machine capable of learning and adapting human behaviour such as decision-making. And in pen testing, these tools can quickly ingest data, analyze it, and produce results that are used for the next stage of the attack. That is not all, AI and ML powered tools can also generate data that attempts to mimic real data.
In terms of Open source platforms, the tables are turning here as well, and one of the best examples is Kali Linux, one of the most popular open-source testing OS. Over the years, it has become a go-to platform for all the pen testing enthusiasts. And being an open-source platform, it’s not only the organisations that have the access, but the wrongdoers also have the access. Hackers are using these kinds of platforms and tools to gather data from their target and later use that data to hack.
In terms of ML, a significant number of ML models in the cybersecurity space is black box. And that is what hackers are making use of. These deep learning models can be compromised, and the results can be altered. And that is the reason why explainable AI is becoming go-to for a number of companies across the globe — it not only delivers an outcome but it justifies it.
The pace at which technology is evolving, there is no doubt that even adversaries will increase their use of sought after tech such as machine learning to create attacks. And with that cyber attacks are prophesied to become more affordable as well as efficient at deploying new types of attacks. It is because AI and ML-based tools would let the hackers perform attacks and functions that would be virtually difficult for humans
Many might think that it’s all just speculation, however, that is not true. Hackers are always adaptable and just like a technology enthusiast they also keep their knowledge and skills updated to harness the latest tech and create fresh new ways to penetrate the new defences of organisations across the world. Its high time for enterprises that they prepare themselves for the upcoming, sophisticated adversarial AI & ML-based cyber-attacks.