Black Hat Attendees See AI as Double-Edged Sword
Cylance survey finds that 62 percent of infosec experts believe artificial intelligence will be used for cyberattacks in the coming year.
Last week at Black Hat USA 2017, the best minds in cybersecurity met to discuss the latest threats poised to make waves over the coming months. This included everything from a sophisticated WiFi worm, Broadpwn, which is capable of jumping from one mobile device to another via a shared wireless Internet connection, to an exploit that allows hackers to hijack connected car washes for destructive purposes.
One thing that was readily apparent at Black Hat this year was that artificial intelligence (AI) has officially arrived. Between the countless booths plastered with the promises of AI, machine learning, and automation (including our own), and various sessions focused on the use of these technologies for active defense, it was clear that the industry has high expectations for intelligent solutions. However, the rise of AI comes with its own drawbacks.
During the conference, Cylance surveyed 100 attendees on various topics being discussed at the show – from criminals using AI as a tool, to the impact nation-states are having on the U.S.
The following are key findings from the survey.
Criminals Will Likely Use AI for Offensive Purposes in the Next 12 Months
Sixty-two percent of surveyed attendees believe that there is a high possibility that AI could be used by hackers for offensive purposes. While AI may be the best hope for slowing the tide of cyberattacks and breaches, it may also create more advanced attacker tactics in the short-term.
However, increasingly automated cyberattacks won’t slow the adoption of AI for defensive purposes. In fact, as cybercriminals and nation-states begin using AI to increase the rate of attacks, the need for smarter solutions that can help human security teams keep up will only become more apparent.
Figure 1: More attacks Using AI Against Targets in the Next Year
The Shutdown of Dark Web Markets Won’t Slow Ransomware Activity
In light of the recent takedown of AlphaBay and Hansa, two dark web markets known for selling malware strains, Cylance asked respondents to weigh in with regards to whether they think these law enforcement initiatives would result in a decrease in ransomware attacks.
Unsurprisingly, Black Hat attendees were not optimistic, with nearly 4 in 5 respondents (79 percent) believing that taking down marketplaces on the dark web will have no impact on the frequency of this attack form.
Figure 2: Law Enforcement's Ability to Slow Ransomware by Shutting Down Dark Web Marketplaces
OS Patching and Updating Is Top Concern
Within their own organizations, Black Hat attendees are still concerned primarily with OS patching and updating (39 percent) and compliance issues (24 percent), followed by ransomware (18 percent), triaging alerts (10 percent) and identity and DoS attacks (8 percent).
In terms of what keeps them up at night, more than 1 in 3 (36 percent) are primarily concerned with phishing. 33 percent reported attacks on critical infrastructure as their top worry. Additional top concerns included Internet of Things (IoT) attacks (15 percent), ransomware attacks (14 percent) and botnet attacks (1 percent).
Figure 3: The Biggest Cybersecurity Issue Within Organizations in the Past Three Months
Figure 4: Attacks of Highest Concern Within Organizations
Russia and Nation-State Criminals Pose Biggest Cybersecurity Threat to U.S.
When asked about the biggest cybersecurity threat facing the U.S., Black Hat attendees were divided about whether Russia or non-state cybercriminals posed the biggest risk. Russia narrowly took the number one slot, with 34 percent of respondents naming Russia as the biggest threat, followed by organized cybercrime (33 percent), China (20 percent) and North Korea (11 percent). Despite elevated tension between the U.S. and Iran, only 2 percent of attendees named Iran as our top cyber-adversary.
Figure 5: Biggest Cybersecurity Threats to the U.S.
Based on our findings, it is clear that infosec professionals are worried about a mix of advanced threats and negligence on the part of their organizations, with little consensus with regards to which groups (nation-states or general cybercriminals) pose the biggest threat to our security.
As such, a combination of advanced defensive solutions and general education initiatives is needed, in order to ensure we begin moving towards a more secure future.