Why cybercriminals are turning to AI

The cybercriminal marketplace is adept at adopting the latest advances in areas such as artificial intelligence to create more effective attacks. And experts at network security firm Fortinet anticipate this trend will accelerate this year.

The cybersecurity environment has become extremely complex because of the extension of the cloud.

"Cybersecurity challenges are increasing because of the spread of Internet of Things and as more and more people are working from home. This complexity creates additional risk, which can be seen in the cyberattacks that have grown in severity and complexity," said Patrice Perche, senior executive vice-president for worldwide sales and support at Fortinet.

He was speaking at an international media conference recently hosted by the company in Sophia Antipolis, France.

The world is facing a massive number of new security threats every day. These could be against governments, financial services or the manufacturing sector.

"We cannot fight threats with just volume increase, it has to be a combination of human intelligence and AI. We are also trying to integrate machine learning for a faster response to threats," Perche said.

The company sees cybersecurity as a battle where everybody - governments and companies - have to collaborate because of the scale of the threats. "It is all about partnership," Perche added.

According to Barbara Maigret, vice-president for international marketing and PR, digital transformation is probably the biggest revolution of our time. "It affects all aspects of our life, be it social, professional or personal. For enterprise organisations, digital transformation is a necessary condition for their future success," she said.

More companies around the world are putting digital transformation at the core of their future strategy. And data is becoming the fuel of the digital enterprise.

"To achieve digital transformation, organisations must inject digital into their business model and rethink their operating model. A digital ready network must be secure. Data is the most important asset of an organisation and must be protected across systems, devices and cloud. This creates a huge challenge for organisations. That is why most of them see cybersecurity as one of the biggest barriers for driving digital transformation," she said.

"To protect data, we have to rethink how we deliver security. It can be a revolution for some organisations and an evolution for some businesses and enterprises," said Ronen Shpirer, senior manager for solutions marketing for Emea.

He said companies should make employees their first line of defence by making them aware of the security risks and threats. According to Shpirer, software patching should be simple. Companies are investing millions in automating patching for their software environments, and yet it is truly challenging.

"In October 2017, there were 192 patches only for Microsoft. The WannaCry ransomware attack was based on a vulnerability that was known and patched only two months previously. If organisations had patched their systems the biggest ransomware attack would not have happened," he said.

"Companies sometimes think different parts of the organisation need different types of security. However, security must be the same throughout. All protection services should be from the same vendor or company to avoid security gaps. That is the only way to counter increasingly sophisticated attacks."

Shpirer said 99.5 per cent of malware samples are unique to an organisation. "The bad guys know how an organisation works and what operating system and security structure it uses," he added. The threat landscape is changing every day, so it is essential to find new ways of defence. A part of that is automation.

"We look at what humans are doing today and we try to automate their tasks so that they can work on more interesting things," consulting system engineer Simon Brydensaid.

He said ransomware is very big business.

Global ransomware damages are predicted to exceed $5 billion in 2017 while the average ransom demand in 2016 was $1,077. Statistics show that an individual is attacked every 10 seconds, a business every 40 seconds.

"It is still the easiest way to monetise malicious cyber activity. We are going to see a lot more ransomware over the next year or so. IoT and in-car are targets and you can be sure cybercriminals are looking at these for ways to put you in a position where you are willing to pay money quickly to get out of a tight situation. The easiest way to prevent ransomware attacks is to patch and backup. Even when you think that patching and backups are happening automatically, use available tools to verify that those patches are in place," Bryden said.

To achieve trustable AI takes time and this is where machine learning comes in, global security strategist Derek Manky said.

"We have people who train machines until they become grown up and do things on their own," he said.

Ransom of commercial services is big business and it also includes operators of smart cities. A web hosting service provider had to pay $1 million as ransom to get access to their services back, said Manky.

Last year, Fortinet collaborated with Interpol on a cybercrime case to help arrest a man based in Nigeria who stole $61 million in three months through business e-mail compromise. "You can expect to see more innovation in cybercrime economy as criminals seek better gains," he added.

The 20 billion IoT devices spread around the world are the weakest link for attacking the cloud. "The weakest link in cloud security is not in its architecture, it lies in the millions of remote devices accessing cloud resources. The hyperconnectivity of today has created a criminal playground that is increasingly difficult to secure," Manky said.

"Attacks like WannaCry and NotPetya foreshadow the massive disruptions and economic impacts possible in the near future. Fabric-based security approaches that leverage the power of automation, integration and strategic segmentation are critical to combat the highly intelligent attacks of tomorrow," he said.

Guillaume Lovet, director of product security, said WannaCry and Petya were not game changers in monetisation.

"WannaCry was actually a failure as it harvested less than $300,000, which is a very low figure. The reason is that this ransomware worm infected the wrong targets, mostly companies," he added.

He was of the opinion that cybercrime is not an issue of lax laws, rather it is an issue of governance and of political evolution.