SmartStateIndia
Interview

The Dual-edged Sword of AI in the World of Cybersecurity – Interview with Anil Valluri, Palo Alto Networks


In an exclusive interview, Mr. Anil Valluri, Regional VP and MD of India and SAARC at Palo Alto Networks, sheds light on the potential threat of AI-enabled cyberattacks and the pressing need for organizations and individuals to be concerned about them. As AI and Machine Learning become increasingly prevalent, cyber attackers are leveraging these technologies to launch more automated, aggressive, and coordinated attacks. Mr. Valluri explains the challenges in identifying and addressing such AI-enabled cyber attacks, emphasizing the need for a security-by-design approach and the importance of information sharing to effectively detect and prevent these evolving threats.

Please tell us about the potential threat of AI-enabled cyberattacks. Why should organizations and even individuals be concerned about it?

As enterprises turn to Artificial Intelligence (AI) and its subset, Machine Learning (ML), to bring a degree of advancement to their Security Operations Centers (SOC), cyberattackers are using the same to launch more automated, aggressive and coordinated attacks. AI and ML-powered tools are helping hackers be more efficient in developing a deeper understanding of how organisations are trying to prevent them from penetrating their defences. For example, natural language processing, a technology that is a key driver for many customer-service applications, is also highly adept at creating phishing emails. We have also observed attackers use ML to mimic the usual digital activity of legitimate users to cover their tracks. Recent developments in AI tools have introduced more cause for worry for enterprises. While they could hold great promise for various use cases, tech experts and commentators worldwide have been concerned about the impact of AI-generated content tools and how they can potentially democratise cybercrime.

What are the challenges in identifying and addressing such AI-enabled cyber attacks?

Identifying and addressing AI-enabled cyber attacks can pose unique challenges due to their sophisticated and constantly evolving nature. Firstly, it can be difficult to attribute an AI-enabled attack to a specific actor as they can be executed remotely and involve multiple layers of obfuscation. Secondly, with AI-enabled attacks, attackers can leverage the scalability of AI to launch attacks on a massive scale, further complicating the detection and response process for victims. Thirdly, AI attacks built with techniques such as adversarial machine learning are designed to evade detection by traditional security systems – a nightmare for enterprises still dependent on legacy security systems.

How do you approach the task of detecting and preventing AI-enabled cyber attacks?

Taking a security-by-design approach and promoting information sharing is critical to detecting AI-enabled cyber-attacks and safeguarding your enterprise, primarily if your cybersecurity teams rely on AI-based tools for automated prevention, detection and response. Security-by-design encourages enterprises to account for cyber risks right from the onset, so any vulnerabilities in the modernisation process can be resolved swiftly. This approach also facilitates the implementation of AI and ML security across the organisation, reducing the risk of a breach.

Adversaries can easily share information to help their fellow attackers orchestrate attacks, and so should enterprises, even if they may find the idea counter-intuitive. Establishing Information Sharing and Analysis Centers (ISACs) can help enterprises share threat data and intelligence internally and with peers. Such collaborative efforts can help improve cybersecurity capabilities across industries and weaken cyber threats because the more data you have, the more capable your AI & ML SOC will be against an attack.

How do you see the use of AI evolving in cyber attacks in the near future? Are there any new techniques or methods you expect to see emerging that pose a greater cybersecurity threat to organizations?

Thanks to recent trends in AI, the global tech and security community has been rife with concerns about the impact AI-generated content tools will have, particularly on cybersecurity. Testing the validity of these concerns, a team representing Singapore’s Government Technology Agency at the Las Vegas Black Hat and Defcon security conferences demonstrated how AI crafted better phishing emails and devilishly effective spear phishing messages than humans. Researchers used OpenAI’s GPT-3 platform and combined it with other AI-as-a-service products focused on personality analysis to generate phishing emails customised to the target’s backgrounds and characters. Eventually, the researchers developed a pipeline that groomed and refined the emails before hitting their targets. To their surprise, the platform also automatically supplied specifics, such as mentioning a Singaporean law when instructed to generate content for people in Singapore.

While the makers of ChatGPT have suggested that the AI-driven tool has the in-built ability to challenge incorrect premises and reject inappropriate requests and that the system has inbuilt guardrails designed to prevent any kind of criminal activities, a few tweaks generated a near-flawless phishing email that sounded “weirdly human.” Additionally, ransomware attacks seeing a 218% spike in India in 2021 alludes to the fact that evolutions in AI tools are reducing the barrier of entry for cybercriminals, leading to an increase in such attacks.

What advice would you give CIOs/CISOs of organizations looking to protect themselves against such AI-enabled and ever-evolving cyber attacks? Are there any best practices or tools that you would recommend?

AI tools are accelerating digital transformation for individuals and enterprises, but in most cases, security is accelerating at a different pace. Recent evolutions in the cyber threat landscape are evidence of this; evolutions in AI tools, their increased availability for low prices on the dark web, and the emergence of ransomware-as-a-service models are lowering the barrier of entry for cybercriminals and driving an increase in such attacks. This shows a clear need to elevate cybersecurity by leveraging best-in-class capabilities focused on AI & ML so enterprises can fight fire with fire. It is also essential that enterprises use AI & ML for efficient data analysis that helps them stay ahead of evolved zero-day threats and also introduces the automation necessary to accelerate response times and reduce human error. At Palo Alto Networks, for instance, our network security portfolio includes AIOps for Next-gen Firewalls which uses ML-powered insights to improve security posture and prevent network disruptions proactively. This maximises security and reduces downtime, optimises investments, streamlines operations, and provides the SOC complete visibility into their networks. Our Cortex line-up also leverages AI for endpoint security, detection, response, automation, and attack surface management.

From your perspective, what trends or technology developments will have the biggest impact on the cybersecurity landscape in 2023?

  1. Accelerated 5G adoption will deepen vulnerabilities – 5G connections in India are expected to reach 88 million by 2025, according to a recent report by GSMA. While the spotlight is currently focused on delivering higher data speeds, latency improvements, and the overall functional redesign of mobile networks, the cloud will expose the 5G core to cloud security vulnerabilities. With only 14% of Indian organisations equipped with a plan for securing their 5G/4G environment, CISOs will need to be wary of large-scale attacks originating from any source, including the operator’s network.
  2. Securing connected medical devices will be critical – Digitisation has enabled new healthcare capabilities such as virtual healthcare and remote diagnosis. But recent cyberattacks on our critical infrastructures have proven that the prevalence of legacy and sensitive data makes healthcare an attractive target for cyber threat actors. Ensuring the cybersecurity of medical IoT will be as important as ever for patient safety, as the closer a patient is to a device, the greater the likelihood of weaponization by bad actors.
  3. Cloud supply chain attacks will disrupt businesses – Log4J recently demonstrated how many organisations can be affected due to a dependent code embedded into the software packaging process. Cloud-native architectures that are also consuming third-party code in their critical applications will render the entire cloud supply chain vulnerable. As per Palo Alto Networks’ latest ‘What’s Next in Cyber Survey,’ 37% of organisations expect software supply chain attacks to increase most in 2023, and cloud adoption trends will intensify this further. 44% of Indian organisations expect software supply chain attacks to increase in 2023.
  4. The debate on data sovereignty will intensify – As the world becomes more reliant on data and digital information, the volume of regulations and legislation emanating from a desire to control and protect citizens and ensure the continued availability of critical services will increase. As a result, the conversations around data localisation and data sovereignty will likely intensify in 2023.
  5. Metaverse to be the new playground for cybercriminals – With an estimated $54 billion spent on virtual goods yearly, the metaverse could open up a new playground for cybercriminals. The immersive nature of the metaverse will unlock new opportunities for businesses and consumers alike, allowing buyers and sellers to connect in a new way. Companies, and cyber attackers, in tandem, will take advantage of mixed reality experiences to diversify their offerings and cater to the needs of consumers in the metaverse.
