AI and the Impact on Cybersecurity

CYBER ARMS RACE
ARTIFICIAL INTELLIGENCE WORKS BOTH WAYS
“NO COPYRIGHT INFRINGEMENT IS INTENDED” COPYRIGHT GRAHAM MANN ALL RIGHTS RESERVED 2019

RUNNING ORDER
AI Defined The world of AI Nefarious adaptations

AI DEFINED?
 1 : a branch of computer science dealing with the simulation of intelligent behaviour in computers
 2 : the capability of a machine to imitate intelligent human behaviour
 Merriam-Webster
 Artificial intelligence (AI) is the simulation of human intelligence processes by machines, especially
computer systems. These processes include learning (the acquisition of information and rules for using
the information), reasoning (using rules to reach approximate or definite conclusions) and self-correction.
 The theory and development of computer systems able to perform tasks normally requiring human
intelligence, such as visual perception, speech recognition, decision-making, and translation between
languages.

ACTUALLY, IT’S JUST 1’S AND 0’S

BUT REALLY, WHAT IS AI?
 It’s just a computer program or an
algorithm;
 Once an AI program chooses its solution,
it should then be able to evaluate the
results of that action, and refer back to
that information the next time it has to
make a similar decision. In this way, an AI
system “learns” and “problem-solves”
within the bounds of its programming.
 It’s not new, in fact it’s as old as me -
the phrase artificial Intelligence was
coined in1955!

BUT MORE THAN THAT
AI can engage in interactions from humans or other machines,
interpreting meaning and formulating an appropriate response.
AI can interpret supplied information and take appropriate action to
achieve its mandated goals.
AI can internalise new information and adjust its behaviours accordingly
to maximise it's effectiveness.
AI can conduct most of its decision-making process without the need
for human input.

AI AND ML AND DL
 As we have discussed , deep learning (DL) is a subset of machine learning, and machine learning is a
subset of AI, which is an umbrella term for any computer program that does something smart. Think
Russian dolls.
 Deep Learning - Neural Networks and Deep Neural Networks, which are modelled on the human brain.
 ML has been around a long time, since the ’90’s at least.
 AI doesn’t need training or pre-programming

WHAT’S DRIVING AI?
 Over the last two years alone 90 percent of the data in the world was generated, this resulted in a huge
amount of data, which was previously not available.
 Computers are faster
 Storage is cheap and plentiful
 Technological advances
 The consumers thirst for tech
 Drive to replace humans undertaking certain tasks
 Need for speed
 Warfare
 ….and I could go on.

WHY IS AI IMPORTANT?
 W/wide spending on cybersecurity was $114 billion last year
 The business value of artificial intelligence worldwide will rise 70 per cent this year to $1.2 trillion,
and end 2022 at $3.9 trillion, says Gartner.
 Whilst looking further out; PwC predicts that by 2030 AI will add up to $15.7 trillion to the world
economy
 Computers are getting faster, data volumes are increasing
 It is more accurate than humans, it doesn’t tire and can work at speeds that are simply outside of
human capability.
 It enables analysis of vast lakes of unstructured data to create actionable information
 It’s unhampered by repetitive actions.
 SAS alone are to invest $1 billion over the next three years in AI

AI TOUCHES ALL OUR LIVES
Consumer Medical
Dangerous jobs Military/Security
Education Automobiles
Aerospace Industrial
Entertainment Telepresence
Exoskeletons Underwater
Humanoids

PREDICTIONS AROUND AI?

AI ISN’T AN ISLAND
Biometrics
Networks
Blockchains
IoT/IIoT/ICS
Cloud Computing

AI & CLOUD COMPUTING
 The development of cloud computing has enabled the very rapid evolution of a huge diversity of new business
capabilities:
 The Contemporary Internet
 Social Media
 Artificial Intelligence/Machine Learning
 The Internet of Things (IoT)
 Robots/Robotic Process Automation
 Big Data / Big Analytics
 DevOps Automation/Low Code
 Blockchain
 Cybersecurity

BLOCKCHAIN AND AI – A SECURE COMBINATION
 As a centralised system running on a single processor, hackers or malware can infiltrate an AI system and alter
its instructions.
 Combine it with blockchain technology, thus before any information is accepted and processed on the
blockchain platform, it must go through several nodes or phases of the network on the system. It therefore
becomes more difficult to hack any blockchain-based technology but not impossible.
 Eventually, AI could take over many of the functions associated with blockchain, mining for example.
 Because blockchain uses consensus algorithm to verify transactions, it is impossible for a single unit to pose a
threat to the data network. A node (or unit) that begins to act abnormally can easily be identified and
expunged from the network.
 Because the network is so distributed, it makes it almost impossible for a single party to generate enough
computational power to alter the validation criteria and allow unwanted data in the system. To alter the
blockchain rules, a majority of nodes must be pooled together to create a consensus. This will not be possible
for a single bad actor to achieve.

WHY AI IS IMPORTANT TO FINANCIAL INSTITUTIONS
 Blockchain + AI makes for real-time cross border transactions. Several banks and fintech innovators are
now exploring blockchain because it affords fast—actually, real-time—settlement of huge sums
irrespective of geographic barriers. Link this with smart contracts and AI and you have a fast, efficient
full-proof solution, requiring little human intervention.
 With blockchain and AI, banks and other organisations can observe changes in data in real time making
it possible to make quick decisions—whether it is to block a suspicious transaction or track abnormal
activities.
 Personal information of banking customers – anonymity of people.
 Democratisation of finance – AI + Blockchain are making banks less important.

AI DRIVING SOCIAL & COLLABORATIVE FINANCE
• Property
• Landbay
• LendInvest
• Personal
Lending
• Kiva
• SocietyOne
• Equity
• CreditEase
• FundingCircl
e
• CrowdFundin
g
• Seedrs
• Investor
• Social
Trading
• eToro
• Zulutrade

WHO’S WORKING ON AI?
 It’s easier to ask “who isn’t”? There are lots of organisations,
academia, governments, etc. working on AI
 Graphcore – a UK based start-up have developed a IPU
(intelligence Processing Unit) designed for machine intelligence
workloads. It’s designed to manipulate graphs.
 Alan Turing Institute – safe and ethical AI.

EXAMPLES OF AI
 Video camera – identifying unusual events - https://icetana.com/icetana-product-overview/
 The Security Gets Smart with AI survey indicated that, among 261 corporate and government security
professionals surveyed, the most intended uses of AI are toward cyber defence (75.2%), malware
prevention (70.5%), and advanced threat detection/prevention (68.6%).
 PCDLS Net – helps to identify the pancreas to enable cancer treatment to be more targeted.
 Vectra Cognito - is a fully automated threat detection platform which uses Artificial Intelligence and
Machine Learning to find attacker behaviours that have already gotten onto your network. It then triages
that data to give a clearer picture to your SOC of what is of most importance for them to focus on.
 User Behaviour Analytics or UBA, Identity and Access Management or IAM, Security Information and
Event Management or SIEM, Intrusion Detection System or IDS

AI IN FINANCIAL SERVICES
 It’s disrupting the entire sector and it’s just the beginning
 Challenger banks like Monzo and Revolut are built around AI.
 Analysis of the customer experience
 Deliverables
 Customer interface
 FinTech is lowering the barriers to entry, enabling poorer people to
invest their money previously stored in property.

HOW CAN AI HELP FINANCIAL SERVICES?
 AI could improve the customer experience
 Help in entering new markets
 Gain revenue more quickly
 Reduce operational and business expenses, and
 Enhance compliance efforts.

WORRYING TRENDS IN AI
 Over reliance on machines to think for us.
 China is expected to over take the US in AI this year – good or bad?
 The use of AI to trick people – phishing on steroids.
 Sharing info with virtual assistants – privacy issues.
 Assistant provides attachments that could include malware.
 Listening to conversations via cameras and microphones – board room secrets
could be exposed
 Facial recognition can track people through hacking into public CCTV feeds –
recently banned by San Francisco.

AT RISK FROM AI BASED ATTACKS

WHAT IS REALITY?
 Deepfake (a portmanteau of "deep learning" and "fake"[1]) is a technique for human image synthesis
based on artificial intelligence. It is used to combine and superimpose existing images and videos onto
source images or videos using a machine learning technique called a "generative adversarial network"
(GAN).[2] The combination of the existing and source videos results in a video that can depict a person
or persons saying things or performing actions that never occurred in reality. Such fake videos can be
created to, for example, show a person performing sexual acts they never took part in, or can be used to
alter the words or gestures a politician uses to make it look like that person said something they never
did.
 Because of these capabilities, Deepfakes have been used to create fake celebrity pornographic videos or
revenge porn.[3] Deepfakes can also be used to create fake news and malicious hoaxes
 In January 2018, a desktop application called FakeApp was launched. The app allows users to easily
create and share videos with faces swapped

CYBER ATTACKS 2018

CYBER TARGETS 2019

ATTACK SURFACE
2010’s
2000’s
90’s
80’s
00’s
000’s
000,000’s
000,000,000’s

INTERNET USERS

CYBERCRIME PANDEMIC

AI AND MACHINE LEARNING WEAPONISATION
 Profiling potential targets, prior to a phishing attack for example.
 Back in 2017 hackers attempted to acquire data from a North American casino by using an Internet-
connected fish tank, according to a report released Thursday by cybersecurity firm Darktrace. The fish
tank had sensors connected to a PC that regulated the temperature, food and cleanliness of the tank.
 AI is being used in malware and botnets
 AI botnets have been used to make DDoS attacks more effective and avoid being caught.
 Password guessing using PassGAN (arxiv.org/abs/1709.00440). When used with other tools it
can guess 50 – 70% of passwords!
 Phishing attacks
 Cybeready

NOTABLE AI ASSISTED CYBER ATTACKS
 TaskRabbit – Website attack exposing millions of consumers data, including social security
numbers and bank details
 Nokia – according to their Threat Intel Report: (IoT) botnet activity is responsible for 78% of
malware detection in networks.
 WordPress – an estimated 20,000 sites have been infected by the Botnet attack.
 Marriott scam – affected 500 million customers over four years, including their passport,
credit card data. Believe to be instigated by China.
 Instagram – were subjected to two attacks in August and November 2018, exposing user
account information.

INDUSTRIAL CONTROL SYSTEMS ATTACKS
 ICS Insider – A disgruntled insider with access to ICS equipment uses social engineering to steal
passwords able to trigger a partial plant shutdown.
 IT Insider – A disgruntled insider with access to an IT network uses social engineering to steal
passwords able to give them remote control of a copy of the HMI system on an engineering
workstation.
 Common Ransomware – Accidentally downloaded to an engineering workstation and spreads to rest
of ICS.
 Targeted Ransomware – Spear-phishing seeds a Remote Access Trojan (RAT) on an IT network, which
is used to deliberately spread ransomware through an ICS
 Zero-Day Ransomware – Ransomware incorporating a zero-day Windows exploit spreads through
IT/OT firewalls.
 Ukraine Attack – The now well-known first generation Ukraine attack using spear phishing and
remote access.
 Sophisticated Ukraine Attack – A variation of the well-known Ukraine attack – the variation targets
protective relays and causes physical damage to electric substations and rotating equipment.
HMI

INDUSTRIAL CONTROL SYSTEMS ATTACKS - CONT
 Market Manipulation – An organized-crime syndicate uses known vulnerabilities in Internet-facing systems to
seed RATs that are ultimately used to simulate random equipment failures, triggering commodities markets
fluctuations.
 Sophisticated Market Manipulation – A similar attack targeting an ICS site’s services suppliers as a means of
seeding peer-to-peer RAT malware into an ICS and simulating random failures.
 Cell-phone WIFI – A combination of spear-phishing and a Trojan cell phone app provides attackers with access
to ICS WIFI networks.
 Hijacked Two-Factor – Sophisticated malware allows attackers to hijack remote desktop / VPN sessions after a
remote user logs in with two-factor authentication.
 IIoT Pivot – Hacktivists pivot into an ICS via a poorly-defended cloud vendor.
 Malicious Outsourcing – A disgruntled employee of a remote services vendor configures a simple time bomb
on important ICS servers on the employee’s last day on the job.
 Compromised Vendor Website – Hacktivists use a compromised vendor’s website to insert malware into a
software update, malware that targets specific industrial sites.

INDUSTRIAL CONTROL SYSTEMS ATTACKS - CONT
 Compromised Remote Site – A physical breach of remote substation or pumping station hides a laptop at the
remote site with a WIFI connection that is later used to attack the central SCADA site.
 Vendor Back Door – Hacktivist-class attackers discover a vendor’s back door that provides the poorly defended
vendor’s website with remote control of ICS components in the name of “remote support.”
 Stuxnet – A Stuxnet-class attack targets a heavily defended site by compromising a services vendor for the site
and crafting autonomous, zero-day-exploiting malware.
 Hardware Supply Chain – An intelligence-agency grade attack intercepts new computers destined for an ICS site
and inserts wireless, remote-control equipment into the computers.
 Nation-State Crypto Compromise – A nation-state grade attack compromises the Public Key Infrastructure by
stealing a certificate authority’s private key, or by breaking a cryptographic algorithm, such as SHA-256, allowing
them to falsify security updates.
 Sophisticated, Credentialed ICS Insider – An ICS insider is aligned with the interests of a sophisticated cyber
attack organization, deliberately cooperating with the organization to create sophisticated malware and seed it in
the ICS.

MALWARE ON STEROIDS
 RATS are usually driven by humans. They blend into their environment to look like business as usual.
 What if an AI RAT could do the same without the need for human intervention?
 Or if AI could be used to deskill the attack process.
 Or if AI could be used to better scale the process.
 Or if AI could make the attacks more stealthy.
 AI-driven malware will be able to choose whatever method appears most successful for the target
environment and use this to move laterally.
 AI can be used to determine, based on context, which payload would yield the highest profit.
 Trickbot – information stealing malware, targeted toward stealing banking information. Authors are
continuing to develop it’s capabilities to add locking and better human control capabilities like Empire
Powershell.

AI AND THE LAW
• What if doctors or boards ignore AI generated advice?
• Compliance
• Article 22 of the GDPR has additional rules to protect individuals if you are carrying out solely automated
decision-making that has legal or similarly significant effects on them.
• You can only carry out this type of decision-making where the decision is:
• necessary for the entry into or performance of a contract; or
• authorised by Union or Member state law applicable to the controller; or
• based on the individual’s explicit consent.
• You must identify whether any of your processing falls under Article 22 and, if so, make sure that you:
• give individuals information about the processing;
• introduce simple ways for them to request human intervention or challenge a decision;
• carry out regular checks to make sure that your systems are working as intended.

TRUST
 Can we moderate AI?
 Who should moderate AI?
 Can we trust AI?
 Is it important that we can?
 “Trust Leap” paper statements to online
 Context i.e. age
 What are the checks and balances?
 Standardisation

EVOLUTION OF ARMS
Spears
Guns
Submarines
Intercontinental
Ballistic Missiles
Nuclear
1982 2019
Viruses AI based
attacks
Attacker
s
Defenders

SUMMING UP
AI is all pervasive and disruptive
It’s revolutionising the World
It has the capacity for good and evil

THANK YOU
G.MANN@CYBERSPACEDEFENCE.COM
07714 210433

AI and the Impact on Cybersecurity

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

Similaire à AI and the Impact on Cybersecurity

Similaire à AI and the Impact on Cybersecurity (20)

Dernier

Dernier (20)

AI and the Impact on Cybersecurity