The first wave of AI-Based Attack
An AI-Based attack is coming and the first wave will be the AI Malware.
The threat of a HAL-9000 intelligence directing malware from afar is still the realm of fiction, so too is the prospect of an uber-elite hacker collective that has been digitized and shrunken down to an email-sized AI package.
However, over the next two to three years, I see six economically viable and “low hanging fruit” uses for AI infused malware – all focused on optimizing efficiency in harvesting valuable data, targeting specific users, and bypassing detection technologies.
This is part of an article in SecurityWeek.
With the proliferation of Artificial Intelligence technology shaping the digital world at an increasing pace, the first examples of AI-driven malware will emerge in the next two to three years. He outlines 6 different capabilities of AI malware that should be relatively easy to develop:
- Automated compromise of systems and networks that don’t require frequent communications between the malware and the command-and-control (C2) server of the attacker.
- Identification of the most valuable data on compromised systems through data labeling and classification, which will involve Machine Learning (ML).
- Employment of conversational AI to participate in email and chat communications on compromised devices while masquerading as targeted users in order to socially engineer coworkers of victims.
- Use of AI-driven speech to text translation in order to capture valuable information from the environment that can be recorded with the microphone of a compromised machine.
- Use of embedded cognitive AI in order to determine various characteristics of victims and deploy payloads only if victims meet certain criteria.
- Creation of a “bio-profile” of users based on their behavioral characteristics in order to bypass advanced behavioral monitoring systems.