Sounding the alarm on AI-powered cybersecurity threats in 2025


The cost of data breaches is at an all-time high. According to IBM, the global average cost of a security breach currently sits at a staggering $4.9 million, spiking by 10% in 2024. These numbers are only expected to worsen, with USAID forecasting that cybercrime will cost the global economy $24 trillion by 2027.

This upward trajectory is driven in part by the emergence of a new threat: AI-powered malware. While AI has become an integral tool for business workflows and innovation, this technology has also proven particularly beneficial for malicious actors, allowing them to develop more stealthy and sophisticated tactics than ever before. In a world where everything is increasingly connected, it’s critical for businesses to anticipate the incoming wave of new threats and develop surefire strategies to not only mitigate incidents but stop them in their tracks.

Stephen Kines

COO and Co-founder of Goldilock.

AI’s double-edged sword: today’s threat landscape

In recent years, the world witnessed incredible advancements in the power of AI. While AI has helped strengthen cyber resilience, with technologies like automated phishing detection and predictive analysis, it has also become a severe threat to business networks. Stepping up from traditional malware that relies on static attack patterns, AI-powered malware is capable of adapting, evading, and learning, constantly evaluating ways to overcome obstacles and successfully inject itself into protected systems. Because it builds on the knowledge from failed attempts to develop new attack strategies, the ever-changing nature of these threats makes detection increasingly difficult and, in turn, weakens defense mechanisms.

BlackMatter ransomware is an infamous yet prime example of how AI has dramatically changed the cyber threat landscape. As an evolution of DarkSide, BlackMatter has quickly become one of the most formidable ransomware threats, bringing a new level of sophistication to the space. Its AI algorithms are built to refine encryption strategies and analyze victims’ defenses in real time, allowing it to circumvent endpoint detection and response (EDR) tools that would typically neutralize ransomware threats. This evasion tactic ultimately renders conventional defenses ineffective.

This dangerous shift in gear poses significant challenges to cybersecurity defenses. To effectively protect against these threats, businesses must first assess the biggest threats that lie ahead.

Autonomous attacks

With self-directed learning for real-time evasion, AI-powered malware can essentially ‘think for itself’, independently altering its behavior to bypass existing cybersecurity measures. In other words, no human input necessary. This leads to more frequent attempts in a shortened time frame, making it harder for defenders to counter new attack vectors, and increasing the likelihood of a successful breach.

Furthermore, AI-enhanced malware can spread across networks or systems without instruction. Once it’s infiltrated one machine, the malware self-propagates and infects other connected systems and devices within minutes.

Intelligent attack methods

AI-powered malware can also carry out more destructive ransomware attacks by identifying the most valuable files and systems to target. Instead of simply encrypting, AI algorithms can identify critical databases, financial records, or intellectual property to maximize disruption and increase the likelihood of a ransom payment.

Moreover, AI-powered malware can apply machine learning to mimic the behaviors of manual systems, making it more difficult for traditional intrusion detection systems to identify. It can even avoid detection by only executing malicious actions during off-peak periods.

Sophisticated targeting

AI can also be used to conduct highly targeted attacks by analyzing large amounts of data, such as social media profiles or network behaviors. This facilitates the weaponization of social engineering tactics, generating personalized phishing emails, which are harder to detect. For instance, an AI-powered phishing email might reference a known contact, a recent purchase, or even mimic the writing style of a trusted colleague. This level of personalization makes it much easier to coerce individuals into clicking on malicious links, downloading infected attachments, or revealing sensitive information.

Combatting suspicious activity

Attackers aren’t the only ones that can apply AI to their cyber strategy. In fact, it’s important that defenders follow suit and employ AI-based threat intelligence solutions for effective mitigation. According to IBM, organizations that used AI and automation extensively in attack prevention averaged $2.2 million in cost savings compared with those that didn’t.

How can AI be implemented? This could manifest in AI-powered anomaly detection software, with continuous monitoring and behavior analysis to flag real-time threats, such as unusually high levels of entropy in software code.
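The entropy signal mentioned above can be made concrete. This is an added example, not code from the article or from any product it describes: it computes Shannon entropy over fixed windows of a byte buffer and reports the ranges that look packed or encrypted. The function names, the 1024-byte window, the 7.2 bits-per-byte threshold and the sample data are all assumptions chosen for illustration.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def high_entropy_regions(blob: bytes, window: int = 1024, threshold: float = 7.2):
    """Return merged (start, end) byte ranges whose windows meet the threshold."""
    regions = []
    for start in range(0, len(blob), window):
        chunk = blob[start:start + window]
        if len(chunk) < window // 2:  # too short for a reliable estimate
            continue
        if shannon_entropy(chunk) >= threshold:
            end = start + len(chunk)
            if regions and regions[-1][1] == start:
                regions[-1] = (regions[-1][0], end)  # extend the adjacent region
            else:
                regions.append((start, end))
    return regions

def pseudo_random(n: int) -> bytes:
    """Constructed stand-in for packed/encrypted bytes: SHA-256 in counter mode."""
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(i.to_bytes(8, "big")).digest()
        i += 1
    return out[:n]

# Constructed sample: ordinary source text with a 2 KiB high-entropy region embedded.
PLAIN = (b"def handler(event):\n    return event.get('id')\n" * 100)[:4096]
SAMPLE = PLAIN + pseudo_random(2048) + PLAIN

if __name__ == "__main__":
    print(f"plain text entropy: {shannon_entropy(PLAIN):.2f} bits/byte")
    for start, end in high_entropy_regions(SAMPLE):
        print(f"high-entropy region: bytes {start}-{end}")
```

Compressed archives, media files and legitimately encrypted data also score close to 8 bits per byte, so a hit is a signal to correlate with other behavior rather than a verdict on its own.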

Physical network segmentation

While software-based security measures are a key element of any cybersecurity strategy, data and systems remain vulnerable to AI-powered attacks that exploit vulnerabilities. The constantly self-developing nature of these threats calls for a different approach, which has led to a renewed focus on physical segmentation and isolation as a means of protecting networks.

Moving away from the ‘always on’, interconnected model of today’s systems, physical network segmentation is the practice of isolating different parts of a network using physical hardware, such as routers and switches, enabling organizations to establish secure zones with restricted access to critical systems and data.

In prevention, physically disconnecting digital assets from the internet when they’re not in use will significantly reduce the attack surface and provide a much higher level of protection for sensitive data and systems. This is particularly crucial for critical infrastructure, operational technology, and sensitive research data, which may not require constant internet connectivity.

In crisis, if one segment is compromised, the damage is contained within its isolated network, preventing the rapid spread of malware and cutting off connection before the problem worsens. This segmentation technique acts as a powerful defense-in-depth strategy that makes it notably harder for cyber threats to traverse the entire network and target sensitive areas.

Cyber resilience is in your hands

AI-powered malware presents a myriad of dynamic and unpredictable cyber threats. With its enhanced ability to learn, adapt, and autonomously exploit weaknesses, attackers can use AI to execute more sophisticated, evasive, and damaging attacks. Traditional cybersecurity measures are often ill-equipped to handle these advanced threats.

To truly combat cyber threats, there’s a need for a more tangible solution. By isolating different data sets and physically disconnecting from networks, businesses can rest assured they are optimizing their cyber resilience and mitigating the impact of successful attacks.


This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
