By Aamir Lakhani
Senior Security Researcher for FortiGuard Labs at Fortinet
As the modern threat landscape continues to expand, adding artificial intelligence (AI) to a security strategy has become paramount to establishing and maintaining an effective security posture. Given the speed and complexity of modern cyberthreats and the current cybersecurity skills shortage, network security teams need the assistance of machine learning and other AI-based capabilities in order to detect, secure, and mitigate modern attacks.
However, it should come as no surprise that while organizations are adopting AI to bolster their security efforts, cybercriminals are also adopting things like agile software development, automation, and machine learning, and could leverage AI themselves to better identify and more quickly exploit network vulnerabilities.
Due to the growing number and variety of IoT and OT devices entering network infrastructures, cybercriminals already have the opportunity and capability to launch rapid, complex attacks that use these inherently vulnerable devices as entry points into corporate networks. The potential attack capabilities posed by AI will only further compound the threats to today’s digital transformation efforts.
As a result, AI may soon offer the means to either successfully secure or attack the IoT – effectively creating an AI arms race between cybersecurity professionals and cybercriminals. In order to protect digital transformations and maintain a rigid security posture, it’s crucial that IT teams understand recent changes in cybercriminal strategies that could lead to an AI-driven threat environment in the next few years. They also need to understand which AI capabilities they need to begin incorporating into their security stack now to maintain a consistent security posture while their network continues to evolve and expand.
The Shifting AI-Driven Threat Landscape
Cybercriminals have already begun leveraging automated and scripted techniques in an effort to drastically increase the speed and scale of their attacks. Thanks to these advanced capabilities, we’ve seen the volume of exploits skyrocket, rising 240 percent from Q1 to Q2 2018. This strategy is also laying the groundwork for cybercriminals to eventually adopt AI to automatically map networks, assess vulnerabilities, choose attack vectors, and conduct penetration testing in order to deploy fully-customized and automated attacks.
If history is any guide, as legitimate AI capabilities continue to increase in today’s networks, their adoption among cybercriminals is inevitable. Cybercriminals are undergoing their own digital transformation, and as a result, they are already leveraging things like agile development to quicken the pace of malware development, outpace manual threat analysis, and outmaneuver modern security solutions. The eventual adoption of AI will accelerate this process further.
As a result of the dramatic progress being made by cybercriminal malware and exploit developers, it’s no longer a question of if an organization will be attacked, but when. Unfortunately, many organizations still rely on legacy point product solutions, incorporating more than 30 different isolated products into their network on average, rendering their ability to adequately detect and respond to today’s advanced attack strategies obsolete. Simply put, as the cybersecurity skills shortage continues, those relying on manual threat analysis and detection, as well as security-as-you-go strategies, will not be able to keep pace with the advanced capabilities of today’s cybercriminals.
The Security Risks and Challenges Introduced by IoT and OT Devices
One of the largest areas of digital transformation happening across industries is the incorporation of IoT and OT devices into corporate networks. With more than a million new devices connecting to the internet each day, there’s an explosion of IoT data, most of which is designed to move freely between devices located in physical and cloud-based network environments and across widely dispersed geographic locations. As a result, this rapidly-expanding IoT environment is increasingly difficult for cybersecurity professionals to actively secure without hindering business efficiency and processes.
With IoT devices predicted to make up more than a quarter of all cyberattacks by 2020, it’s crucial that network security professionals understand what a significant threat vector IoT is, along with the unique strategies required to secure it:
Multi-Vendor Environments: As digital transformation efforts dramatically increase the demand for IoT and OT devices, vendors have been quick to capitalize on it. As a result, businesses and organizations across industries have now incorporated a variety of IoT devices from numerous vendors into their network infrastructure. However, the larger the multi-vendor environment, the harder it is for IT teams to account for, track, and secure each device.
Poor Network Visibility: One of the biggest vulnerabilities brought on by the IoT explosion is a lack of visibility into the elements operating within a network at any given time. The fact is, thousands of connected devices can potentially access a network from a myriad of locations both external and internal, including from remote offices via SD-WAN and the newly connected OT network. The challenge is that an effective security posture relies on the ability of cybersecurity professionals to clearly identify each device, assign ownership and policy, segment them accordingly, and then actively track and monitor those devices and their applications and data even when they are highly mobile. However, when IT teams rely on manual threat analysis, detection, and mitigation, this becomes extremely difficult and often allows unknown devices, rogue access points, and shadow IT to operate in the network undetected.
Headless Devices: Given the massive demand for IoT devices, cost is an issue. As a result, these devices are typically manufactured with only the bare essentials needed to ensure their functionality. In other words, these devices lack the control and visibility typically provided by a traditional user interface, making them impossible to patch or update. Even worse, an alarming number of these devices include blatant vulnerabilities, such as hard-coded back doors, that can be easily exploited if they are not appropriately protected. This provides cybercriminals with the opportunity to deploy AI-assisted attacks that can detect and compromise IoT and OT devices using emerging techniques such as swarm technology. This technology essentially turns devices into malware proxies capable of attacking networks on a large scale from within the network itself.
Cryptojacking Remains a Primary Concern: Given the lack of visibility and control into IoT and OT devices, they are a particularly attractive target for cryptojacking attacks that leech off these devices in order to mine cryptocurrency. In our Global Threat Landscape Report for Q2, we saw evolving cryptojacking attacks targeting IoT and OT devices – accounting for 23 percent of malware-based attacks. Cryptojacking poses a particularly significant threat for networks that deploy OT in order to efficiently manage their operations. Should a successful cryptojacking attack slow OT efficiency down, it could seriously impact the targeted organization.
Leveraging Artificial Intelligence to Secure the IoT
To actively secure IoT and OT devices while mitigating the common threats targeting them, proactive IT professionals have begun to redesign their security posture to include AI as part of an integrated and automated security fabric. With artificial intelligence acting as the workhorse of network defense, cybersecurity personnel can now gain an advantage in the continuing cyberwar to secure the success of their digital transformation efforts, including IoT implementation, while maintaining their network integrity.
Specifically, AI in combination with a modern fabric-based defense provides IT teams with:
Comprehensive Device Visibility: Leveraging AI-assisted network access control, cybersecurity professionals can achieve clear visibility into every device accessing a network at any given time. Armed with granular device visibility, each device can be appropriately inventoried, tracked, secured, and segmented at machine speeds.
Unified Threat Analysis: As organizations’ digital transformation efforts continue to expand the perimeter of their networks – both physical and cloud-based – it becomes increasingly difficult to conduct threat analysis and mitigation efforts across the network at a rate that can keep pace with modern cyberthreats. With this in mind, AI provides the means for IT teams to rapidly collect the latest threat analysis data, identify vulnerabilities within their networks, and deploy the security solutions that mitigate those attacks.
Automated Threat Containment: Seconds matter when a network is successfully breached. The longer a network breach remains unhindered, the farther the damage can spread. This is particularly evident across the financial services, healthcare, and critical infrastructure sectors, where essential systems need to remain operational at all times and, if successfully hindered, can cost exorbitant sums of money and even the lives of employees, patients, or citizens. With AI in place, IoT and OT containment procedures can be automated, allowing infected devices to be properly segmented or taken offline before they have a chance to spread to additional areas throughout the network.
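The three defensive capabilities above (device visibility against an inventory, spotting cryptojacking on IoT and OT devices, and turning findings into automated containment) are easier to reason about with a concrete pipeline. The following Python script is an added example, not code from the article or from Fortinet; the inventory, segment policy, corporate address range, MAC addresses and flow records are all constructed, and the action names such as "quarantine-vlan" are hypothetical labels an orchestrator would map onto its own NAC or firewall API. The one real protocol detail it relies on is that cleartext Stratum mining sessions carry JSON-RPC method names like mining.subscribe in their first bytes.

```python
"""Inventory reconciliation, cryptojacking indicators and containment planning
over constructed flow records (added example; all data below is made up)."""
import ipaddress
import json

# Constructed asset inventory: MAC -> owner and assigned segment (hypothetical).
INVENTORY = {
    "00:11:22:33:44:01": {"owner": "facilities", "segment": "iot-cameras"},
    "00:11:22:33:44:02": {"owner": "facilities", "segment": "iot-hvac"},
    "00:11:22:33:44:03": {"owner": "ops", "segment": "ot-plc"},
}

# Constructed per-segment policy: destination ports each segment may reach.
SEGMENT_POLICY = {
    "iot-cameras": {554, 443},   # RTSP to the recorder, HTTPS for updates
    "iot-hvac": {443, 8883},     # HTTPS and MQTT over TLS
    "ot-plc": {502},             # Modbus/TCP only
}

# Constructed corporate address plan; anything outside it is treated as external.
CORP_NET = ipaddress.ip_network("10.20.0.0/16")

# Stratum (mining pool protocol) JSON-RPC method names seen in cleartext sessions.
STRATUM_METHODS = ("mining.subscribe", "mining.authorize", "mining.submit")

# Constructed flow export, one JSON object per line, as a NAC or flow collector
# might emit it; "payload" holds the first bytes of the session, if captured.
FLOW_LOG = r'''
{"mac": "00:11:22:33:44:01", "src": "10.20.1.11", "dst": "10.20.1.2", "dport": 554, "bytes": 820000, "payload": ""}
{"mac": "00:11:22:33:44:02", "src": "10.20.2.15", "dst": "203.0.113.40", "dport": 3333, "bytes": 52000, "payload": "{\"id\":1,\"method\":\"mining.subscribe\"}"}
{"mac": "00:11:22:33:44:03", "src": "10.20.3.7", "dst": "10.20.3.1", "dport": 502, "bytes": 4100, "payload": ""}
{"mac": "aa:bb:cc:dd:ee:ff", "src": "10.20.1.99", "dst": "10.20.3.7", "dport": 502, "bytes": 900, "payload": ""}
'''


def parse_flows(text):
    """Parse a JSON-lines flow export, skipping blank or malformed records so one
    bad line cannot stall the whole analysis."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            flows.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return flows


def unknown_devices(flows, inventory=INVENTORY):
    """MACs seen on the wire with no inventory entry: rogue devices or shadow IT."""
    return sorted({f["mac"] for f in flows if f["mac"] not in inventory})


def policy_violations(flows, inventory=INVENTORY, policy=SEGMENT_POLICY):
    """Inventoried devices reaching ports their segment policy does not allow."""
    hits = []
    for f in flows:
        entry = inventory.get(f["mac"])
        if entry is None:
            continue  # unknown devices are handled by unknown_devices()
        if f["dport"] not in policy.get(entry["segment"], set()):
            hits.append((f["mac"], entry["segment"], f["dport"]))
    return hits


def cryptojacking_indicators(flows):
    """Flag sessions whose captured bytes carry a Stratum method name, noting
    whether the pool endpoint lies outside the corporate address plan."""
    hits = []
    for f in flows:
        if any(m in f.get("payload", "") for m in STRATUM_METHODS):
            where = "internal" if ipaddress.ip_address(f["dst"]) in CORP_NET else "external"
            hits.append((f["mac"], f"stratum method to {where} host {f['dst']}"))
    return hits


def containment_plan(flows, inventory=INVENTORY, policy=SEGMENT_POLICY):
    """Map findings to one action per device; later, stronger findings override
    weaker ones. Action names are hypothetical orchestrator labels."""
    actions = {}
    for mac, _segment, _port in policy_violations(flows, inventory, policy):
        actions[mac] = "block-flow"            # policy breach alone: block, keep device up
    for mac in unknown_devices(flows, inventory):
        actions[mac] = "quarantine-vlan"       # unidentified: isolate until it is owned
    for mac, _reason in cryptojacking_indicators(flows):
        actions[mac] = "isolate-and-ticket"    # suspected miner: cut off and investigate
    return actions


if __name__ == "__main__":
    flows = parse_flows(FLOW_LOG)
    print("unknown devices:", unknown_devices(flows))
    print("policy violations:", policy_violations(flows))
    print("cryptojacking indicators:", cryptojacking_indicators(flows))
    print("containment plan:", json.dumps(containment_plan(flows), indent=2))
```

Run as-is, the script isolates the HVAC controller (Stratum handshake to an address outside the corporate plan, on a port its segment never needs) and quarantines the MAC that appears in no inventory while talking Modbus to a PLC; the camera and the inventoried PLC client pass. In a real deployment the flow records would come from the NAC or flow collector and the actions would be pushed to the segmentation layer, but the decision logic stays this small.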
IoT and OT adoption is exploding as organizations across industries continue to expand their ongoing digital transformation efforts. However, cybercriminals are simultaneously expanding their capabilities, leveraging new development, deployment, and exploitation techniques to launch faster and more sophisticated attacks. Their ability to integrate AI into this process is simply a matter of time. In order to protect the success of digital transformation, and the new digital economy driving that transformation, cybersecurity personnel need to get out in front of this challenge now by leveraging AI-assisted security solutions that provide the breadth and rapid detection and response capabilities needed to keep pace with modern cybercriminals.