Unleashing Pandora’s Box: The Threat of AI-driven Cybercrime


Carl Mazzanti


Cybercriminals are getting smarter, and their use of Artificial Intelligence (AI) is making their tactics more sophisticated and complex.

Bad actors are leveraging AI technologies to develop innovative tactics, techniques and procedures that pose significant challenges for cybersecurity professionals and organizations worldwide. However, law enforcement and other security organizations have the opportunity to work together with cybersecurity professionals to stop attacks. This collaboration can help reduce the impact of attacks on operations and data security.

Cybercriminals often use AI for social engineering and phishing attacks. Chatbots and conversational agents – powered by AI – can imitate human interaction very accurately, enabling cybercriminals to engage in convincing conversations with potential victims. During these interactions, they can gather sensitive information, such as login credentials and personal data.

Attackers are also increasingly targeting law enforcement agencies, which can put the general public at risk. Earlier this year, for example, a hacker used an E-mail message – which appeared to come from the Miami-Dade State Attorney’s Office (SAO) – as a way to get multiple North Miami Beach Police Department employees to open what appeared to be a legitimate document from members of the SAO staff. The SAO itself released a statement calling the hack a “very sophisticated” phishing intrusion.

AI-driven malware represents another significant threat to sensitive data. Machine learning algorithms can adapt to security measures, making it hard for antivirus software and intrusion detection systems to detect malware. AI algorithms can also analyze stolen data to find valuable targets, such as high net worth individuals or organizations with weak security.

Old-fashioned security methods, such as looking for signatures and following rules, are no longer effective against advanced AI threats, which can change and grow rapidly. Consequently, your response to these and other threats should leverage layered operational defenses such as Multifactor Authentication (MFA), where users must provide additional identity verification – like entering a code received via phone or other device – before they can gain access to an account or an app. A layered defense will also include solutions like comprehensive file backup with cloud-based or other offsite storage, a well-developed and updated incident response plan, strong password policies, good user cyber hygiene, and security awareness.

Additional defenses, like Security Incident Event Monitoring (SIEM) and a 24 x 7 x 365 Security Operations Center (SOC), are also critical components. The SIEM component is a cybersecurity layer that collects and tracks information or data and can alert your organization that cybercriminals are probing your perimeter, while a well-designed, scalable SOC service will integrate real-time automated monitoring with 24 x 7 x 365 human expert analysis of critical infrastructure device logs. SOC response teams use best practices in the industry to protect against ransomware and other threats.

The SOC teams proactively work to prevent threats by taking action to mitigate and remediate them, either remotely or onsite. These cybersecurity teams also offer managed detection and response services to ensure the security of your organization.

Remember to also back up your data regularly. Set up automatic downloads for patches or software updates. This will ensure that updates are installed on time. As an additional measure, law enforcement and other security agencies should restrict access to their Web sites using geo-blocking. This will prevent hackers from certain high-risk countries from accessing their systems. 

Consider the Human Angle

Security awareness training can further reduce risky employee IT behavior that may lead to security compromises. One effective security method is penetration testing, whereby a skilled tester uses hacker methods to identify system weaknesses.

Sensitive data held by law enforcement and security agencies is becoming more important. This has caused an increase in ransomware and other dangerous threats. When your agency works with an experienced cybersecurity partner to embrace appropriate learning and other resources, you will be less attractive to hackers and will reduce your chance of being victimized by digital criminals.

Carl Mazzanti is President of eMazzanti Technologies (emazzanti.net) in Hoboken, NJ, providing IT consulting services for businesses ranging from home offices to multinational corporations, municipalities and police departments.