We Are Losing the War Against Offensive AI

Cybercriminals have weaponized AI and the threat is too great for legacy defense tactics argues Darktrace Director of Threat Hunting Max Heinemayer

Bad actors are using advanced offensive AI to scale up their attacks and generate more revenue for their criminal enterprises, according to Max Heinemayer, Director of Threat Hunting for Cybersecurity Firm Darktrace.

Speaking at our recent CISO Live Europe digital event, Heinemayer argues that there is a covert war taking place between offensive and defensive AI, and so far, the bad guys are winning.

“It's already not a fair game. The defenders are losing, and have been losing for the last 30 years,” says Heinemayer. We see it every day in the news, even big companies with the biggest budgets in the world getting hacked, losing all their data, and getting encrypted with ransomware.

He continues: “Now imagine the barrier to entry for hackers is even lower. By using offensive tools, conducting hacking attacks becomes even easier, because the tools they use are smarter and use some form of machine learning.”

What is Offensive AI?

The term ‘offensive AI’ describes the use of specific AI and machine learning algorithms to make cybercriminals more productive, efficient, and difficult to detect.  

“When I say offensive AI, I mean machine learning algorithms either supervised or unsupervised, [like] deep learning and reinforcement learning being used to augment today's cyberattacks,” says Heinemeyer.

Modern machine learning technologies can be widely used to improve the effectiveness of cyberattacks throughout the attack life cycle, according to Heinemeyer.

“[This includes] any piece of the attack life-cycle: initial reconnaissance, initial intrusion, command-and-control traffic, privilege escalation, internal reconnaissance, lateral movement. Any of these could be augmented by machine learning in one way or another.”

How Offensive AI Improves Workflows for Criminals

Perversely, the benefits of AI for attackers precisely mirror the benefits of AI for cybersecurity defense and even the broad benefits of using AI for business. AI automates mundane tasks and helps to scale initiatives at pace.

“A lot of what hackers do is quite manual, tedious, and repetitive. And these are the bits that offensive AI can automate speed up,” Heinemeyer says. “And not only that, but existing attackers can scale up their attacks.”

He continues: “What is currently a bottleneck very often for attackers are those tedious tasks [like] doing reconnaissance on your victims, or understanding where you can move around without setting off alarm bells. That could be, again, automated by using some form of machine learning.”

The incentives for cybercriminals are clear. The more mundane tasks can be automated, the more attacks they can launch, and the more money they can potentially make.

Fighting Back with Defensive AI

Even if your company has a dedicated cybersecurity team, the chances are they are already working at the edge of their capabilities and budget. Heinemeyer argues that keeping up with offensive AI will require a paradigm shift for cybersecurity teams.

“What we also know is that the legacy approach can't keep up. Because legacy tools are always retrospective. They are static and they are siloed. Mark my words: Solar Winds was the death knell for first-generation security tools,” he says.

The answer, according to Heinemeyer, is to fight fire with fire – or more specifically, AI with AI.

“For detection, we use unsupervised machine learning. Self-learning AI. It doesn't need lab training data and it doesn't need constant updating. It changes within the environment as the environment changes,” he says. “And then when something big happens that looks like a cyberattack, even if we've never seen it before, we’re going to spot it and stop it as it happens.”

As cybercriminals increasingly use AI technology to act at scale and pace, cybersecurity teams will need to be ahead of the curve to keep their organizations secure.

You can see Max Heinemeyer’s full session at CISO Live Europe on-demand here. Also, check out the lineup of world-leading speakers at our upcoming CISO Europe digital event on 2-3 November here