Integrating AI in offense and defense helps organizations protect themselves

Verizon Business has been helping customers refine their cyber security strategies and security programs to ensure that they supporting digital objectives, while quickly detecting and responding to threats.

Anshuman Sharma, Director VTRAC, Cybersecurity Consulting Services, Verizon Business, tells us more. Excerpts from an interview: 

DQ: How are hackers utilizing AI to improve the sophistication and scale of their cyberattacks, and what are the implications for businesses?

Anshuman Sharma: Hackers are increasingly leveraging generative AI to enhance the sophistication and scale of their cyberattacks. Gen AI enables the creation of new attack patterns that are not explicitly programmed, allowing attackers to bypass traditional security measures. 

Attackers utilize AI to analyze and understand the architectures of AI systems, employing techniques such as Discover Machine Learning (ML) to identify weaknesses. This capability allows them to tailor precise attacks that exploit specific vulnerabilities within a system's defenses, making their efforts more effective and targeted. According to Verizon's 2024 Data Breach Investigations Report, “exploitation of vulnerabilities as an initial access step for a breach grew by 180% — almost triple that of last year”.

AI-driven attacks can manipulate data streams, introduce errors in AI training data known as data poisoning and exploit vulnerabilities in real-time, making them harder to detect and mitigate. For businesses, this means a higher risk of data breaches, operational disruptions, and financial losses. 

The implications are clear. Organizations must adopt robust AI governance and advanced cyber security measures to protect their digital assets and ensure the safe deployment of AI technologies. Additionally, businesses must invest in cybersecurity training. By understanding the potential threats and investing in the right technology and training, businesses can significantly reduce their risk of falling victim to an AI-driven cyberattack.

DQ: With the rise of AI-generated phishing emails, what steps can individuals and organizations take to protect themselves from these increasingly convincing attacks?

Anshuman Sharma: AI-generated phishing emails are becoming more convincing and harder to detect, posing a significant threat to individuals and organizations. Implementing AI systems that can detect anomalies is crucial, as these systems can identify suspicious behaviors that may indicate a phishing threat. This vigilant oversight is essential in catching potential attacks before they can cause significant harm, as human oversight may not always be sufficient to recognize sophisticated phishing attempts.

Utilizing AI to analyze network traffic can help distinguish between normal and suspicious activity, enhancing the detection of sophisticated phishing threats and enabling quicker responses to potential attacks.

Finally, leveraging AI tools specifically designed for phishing detection can significantly bolster defenses. These tools can learn the characteristics of phishing and spam emails, adapting to new tactics employed by attackers over time. 

Encouraging the use of AI-generated complex passwords can further enhance security by making it more difficult for attackers to gain unauthorized access. Multi-factor authentication (MFA) and strict access controls further reduce the risk of credential theft. By integrating AI in both offense and defense, organizations can better protect themselves from these sophisticated attacks​

DQ: What role do emerging programming languages like Rust play in the strategies of cyber criminals, and how can organizations defend against this shift?

Anshuman Sharma: Emerging programming languages like Rust are increasingly being adopted by cybercriminals due to their ability to create highly secure and efficient code. They provide efficient memory management, evasion capabilities, and are harder to reverse engineer, making them ideal for creating sophisticated malware and ransomware. 

For instance, the Predator group Luna is leveraging Rust to incorporate two encryption algorithms, Diffie-Hellman and AES, within a single malware. This dual encryption approach is unprecedented and makes it particularly challenging for traditional debugging tools and disassemblers to reverse engineer the malware and understand its operations.

To defend against this shift, organizations need to adopt advanced threat detection systems capable of analyzing and responding to malware written in newer languages like Rust. Investing in sophisticated security tools that can handle the complexities introduced by these new programming techniques, alongside a proactive threat-hunting approach, is crucial. 

Regular security audits, updated patch management, and a zero-trust architecture will further help organizations mitigate the risks posed by these emerging threats. Cybersecurity teams need to stay updated with the latest programming languages and technologies used by cybercriminals

DQ: What other emerging cyber threats should organizations be aware of, and how can Verizon's cyber security offerings help businesses stay ahead of these evolving risks?

Anshuman Sharma: Organizations should be vigilant about several emerging cyber threats, including AI-driven attacks, supply chain vulnerabilities, the exploitation of IoT devices, and advanced social engineering tactics. AI-driven attacks, such as data poisoning and bypassing defenses through sophisticated techniques, pose significant risks as they evolve. 

Supply chain attacks, especially in critical industries, have far-reaching implications due to the interconnected nature of global operations. Additionally, IoT devices present new vulnerabilities, as they expand the attack surface for potential breaches.

To stay ahead of these evolving risks, Verizon offers a comprehensive suite of cybersecurity solutions designed to protect businesses at every level. These include network and cloud security, advanced threat intelligence, network filtering, and endpoint security. Our solutions also encompass automated penetration testing and voice security, which help businesses detect and respond to threats in real-time. 

By continuously monitoring and testing networks, and educating employees to recognize potential threats, we help organizations maintain a robust defense posture, significantly reducing the risk of cyberattacks and safeguarding valuable information​.

DQ: Can you explain Verizon's five-part defense plan and how it addresses the current landscape of cyber threats?

Anshuman Sharma: Our five-part defense plan is meticulously designed to address the current landscape of cyber threats. This multi-faceted approach ensures that businesses are not only protected against current threats but are also well-prepared for evolving challenges in the cybersecurity landscape​.

• Educate: We emphasize the importance of educating employees, contractors, and partners to recognize potential security threats. This frontline defense is crucial in identifying red flags, such as phishing attempts or unusual network activity.

• Prevent: Implementing strong security policies and controls is key to preventing cyber threats. We offer network filtering, voice security, and cloud security solutions to ensure that businesses have a robust defense in place across all platforms, including mobile devices.

• Detect: Advanced anomaly detection mechanisms are crucial for identifying cyber threats. We are utilizing sophisticated tools and algorithms to monitor network activity, detect deviations, and swiftly identify potential security incidents. This is complemented by endpoint security solutions that actively scan for malware and unauthorized access attempts.

• Respond: In the event of a security breach, our defense plan includes a robust incident response protocol. This involves continuous monitoring and testing of networks to ensure swift action and containment of threats, minimizing damage and restoring normal operations.

• Recover: We assist businesses in recovering from cyberattacks by helping them restore data, rebuild systems, and improve their security posture to prevent future incidents. Verizon’s expert consulting services provide tailored advice to address specific security challenges and reinforce overall defenses.