fbpx
April 19, 2023
by Mary Grlic
aruba

Can AI make malware? It sure can.

Believe it or not, the history of artificial intelligence (AI) started in the 1950’s. Now 70+ years later and it’s grown in popularity and potential. Artificial intelligence enables computer systems…...
"

Start reading

Believe it or not, the history of artificial intelligence (AI) started in the 1950’s. Now 70+ years later and it’s grown in popularity and potential. Artificial intelligence enables computer systems to think and act like people. AI now has the potential to make malware and act just like human cyber attackers can. The growth in artificial intelligence has made the need for cybersecurity all the more prominent. In fact, the experts at Vantage Market Research say that AI in the cybersecurity department is expected to grow 23% over the next five years. Some common cybersecurity threats include risks like malware and social engineering attacks, among countless others.

AI was introduced to our world in the 1950’s. Here’s an old American Express + Chevy ad to remind you of what a different world it was back then.
AI -- artificial intelligence -- was introduced to our world in the 1950’s. Here’s an old American Express + Chevy ad to remind you of what a different world it was back then.
AI was introduced to our world in the 1950’s. Here’s an old American Express + Chevy ad to remind you of what a different world it was back then.

What is Malware?   

Malware is any type of software that is designed to damage or disrupt the current functioning of a device. Malware is typically deployed by experienced hackers who want to exploit a system for a certain reason. This way, they can gain unauthorized access to steal, and possibly leak, confidential information. Without up to date security measures, malware poses a huge risk for many businesses. Read about the Rhadamanthys Stealer, for example.

With the increase in AI, these risks are getting worse. For hackers, writing a code to deploy malware can take hours, and that’s for coders with tremendous experience. However, with machine learning, the process can be much quicker, allowing machines to create  code within seconds.

Read more about cybersecurity, malware, and social engineering in The Art of Deception by Kevin D. Mitnick & William L. Simon

What is Social Engineering?

Social engineering attacks are malicious cyber activities carried out through human interaction. With the rise of social media, the use of email and technology, social engineering has become extremely common. It involves psychological manipulation to threaten and attack human beings behind a device. Without the proper understanding of social engineering threats, it can be very easy to fall for pharming, phishing, and other digital scams. 

If you want to learn more about social engineering and get a full understanding of how it’s exercised, there’s an incredibly successful book called, “The Art of Deception,” by Kevin D. Mitnick & William L. Simon, that explains it extensively and that we highly recommend.

Phishing

One of the most common social engineering threats is phishing. In phishing attacks, hackers will disguise fraudulent links or attachments to appear credible. For instance, the attacker might send an email to an employee under the boss’s name, making it seem legitimate by changing one letter of the email address. Let’s say that, in this message there’s a fraudulent link with information about an upcoming project. The employee chooses to open it, assuming it’s a normal day and that it’s just another regular email from their boss. Instead, they get hit with a computer virus that now takes over the functionality of their device. Without the right cybersecurity awareness training, employees can easily fall for these scams and put not just their work computer at risk, but an entire network.

Artificial Intelligence//AI Timeline, since 1950 to 2017
A gorgeous and detailed AI timeline, courtesy of syzygy-group.net

How does AI come into play with malware and social engineering?

Now, with the greater powers of artificial intelligence, machine learning can help deploy more effective malware. AI-powered malware can think for itself and adjust actions accordingly depending on the situation. This way, it can target specific individuals and systems in order to attack them in the way it sees fit. AI malware, in essence, can act like a human in order to orchestrate high-powered attacks.

Similarly, AI can aid in social engineering attacks by making them more sophisticated. One of the easiest ways AI can be involved in phishing attacks is with ads and big data. When you search the web (without a VPN or outside of private browsing) search engines can collect data about your searches to cater your advertisements. This data collection is typically not malicious and major corporations are usually sure to adhere to strict legal limits. With AI, however, it could be used to generate phishing scams. Always be cautious when looking at ads, especially those that seem “phishy”! 

Social engineering meme:
"why did you click on that phishing link?"
"I just wanted a free smartphone"

Can AI make malware?

In the past, some professionals have denied the power of AI-malware, stating that it doesn’t in fact exist. At least, it didn’t but it does now. On April 13, 2023, Fox News reported that as part of a controlled test, Forcepoint security researcher, Aaron Mulgrew, was able to create an AI-powered malware, “that was as sophisticated as any nation-state malware,” on his own (as in, void of the usual team of hackers), through ChatGPT. While ChatGPT has been designed to prevent people from using it maliciously, he was able to find some loopholes. This is just one example of the kind of security testing that’s needed so that AI-powered programs like ChatGPT can be further improved in its design.

This malware was created as part of a controlled-test, so have no fear, AI-powered malware isn’t out in the wild. But another version like it, at some point in the future, could be. AI-powered malware has the ability to strengthen malware attacks by being able to perform some of the following tasks:

  • Computer worms will adapt to systems they are trying to affect
  • Malware will change its code to avoid detection
  • Malware attacks will adapt to social engineering attacks, like with data from social media sites
  • And more.. !

Social Engineering and Artificial Intelligence

As with phishing and social engineering, AI is seen to be the next generation of hacking. Automation already allows hackers to easily personalize attacks based on digital information; AI could take this to the next level. Some examples of the use of AI with social engineering include deepfakes and bots.

Deepfakes, One of the Many Dangers of AI

You might have seen deepfake videos scattered around the internet, or in movies and TV. People will use AI to dub voices and create fake videos of celebrities, politicians or other prominent individuals. Videos like this are often humiliating and they could easily destroy a person’s reputation. AI is essential to creating them.

Deepfakes can also be created for mere amusement or bullying, as a form of blackmail (for example, for the purpose of demanding a ransom or certain action, to prevent the video from going public) and more. If viewers don’t know it’s a deepfake, the effects of these videos could be calamitous.

The best way to describe a deepfake is to show you one. One popular example is the man known as the “Chinese Elon Musk.” This is a deepfake that’s kind of fun, when compared to the typical disturbing nature of these videos.

One YouTube comment, seen in response to Xiamanyc’s video, where he “interviewed” the Chinese Elon Musk, says it is all:

"Deepfake is really scary. Imagine having to defend yourself in court for something you clearly didn't say or do, but facial recognition can't tell you apart from the AI generated image?"

There’s also a fantastic scene featuring a deepfake in Netflix’s Lupin (available in its original French audio, English audio and other languages as well). In the deepfake video, the commissioner of the Parisian police (remember, it’s from a TV show) is manically talking to himself in his bathroom mirror, saying incredibly obscene things, like, “Corruption is my passion!,” among others. Lupin, the main character, presents him with the video to indicate that it would be very easy to blackmail him, whether it was real or not; what mattered is that it looked real and because of that, the public would consider it to be true.

Can AI Fight Against Malware and Phishing?

Can AI fight against malware and phishing??

AI seems like a deadly force in the world of cybersecurity but it can actually be helpful in the fight against malware and phishing attacks. However, using machine learning to accurately detect and ward off malware is not entirely easy; it takes a lot of time to teach machines good behaviors. It requires collecting, analyzing, and processing data, which demands a lot of power. Since behaviors and codes are constantly changing, it’s a task that’s also always ongoing. AI and machine learning can actually assist with this, in order to eliminate some of the tedious manual work involved, that might be difficult for humans to achieve alone.

AI is constantly evolving, and compared to the rest of us, it doesn’t tire out; unburdened by biology, AI doesn’t need to clock out at the end of the work day. Machines can handle big data and can be designed to generate thoughtful and discerning behavioral patterns, in order to squash malware. Some companies have already employed AI in the name of cybersecurity, like Trend Micro, with their product, Trend Micro XDR, which stands for Extended Detection and Response.

AI can continuously monitor for, and detect, malware, but it’s not entirely fool-proof. Machines can sometimes detect false positives. This is due to the fact that AI will inherently assume any “anomaly” in code is evidence of malware. Since machines aren’t actually human, they cannot possibly understand what everything is, and can only simulate how a human acts and thinks. They will therefore assume anything that seems out of the ordinary is dangerous, which may not be true. This is a general flaw in all AI and machine learning, so teaching machines to be perceptive is paramount. 

AI is a Cybersecurity Concern for All…

It is important to note that AI is a concern for a lot of individuals; even for big-names in the technology space. For example, Elon Musk, warns that artificial intelligence is one of the biggest concerns and threats to our current society. Musk is known as the genius behind Tesla, SpaceX and more recently, the owner of Twitter, three prominent tech companies. Back in 2017, Elon Musk met with and warned governors of the risks associated with AI.

Elon Musk - Emerging Technologies - Tesla and SpaceX CEO
Source: CSPAN

ChatGPT

Musk was one of the co-founders of OpenAI but left the board back in 2018. He created the firm because Google was not paying good attention to AI safety, according to Musk. OpenAI is the firm behind the artificial intelligence chatbot known as ChatGPT. With ChatGPT, users can simply input a question or prompt and receive an AI-generated response within seconds. ChatGPT can help students with homework, employees write emails, and so much more. The mere power of ChatGPT shows just how powerful artificial intelligence can be – and just how concerning that can be for humanity. AI has become so advanced that it’s led many to question where it’ll take us in the future.

OpenAI
Chat GPT Logo

Again this year, in 2023, Musk sounded the bell about AI. Musk himself says that there is so much power and responsibility that comes with AI but unfortunately, that also “comes [with] great danger.” He firmly believes that “… we need to regulate AI safety, frankly…” and that AI is “… actually a bigger risk to society than cars or planes or medicine.” Better regulation for artificial intelligence can definitely help to mitigate threats. Musk says that such regulation, “may slow down AI a little bit, but [he thinks] that, that might also be a good thing.”

Will Smith plays the hero in I, Robot (2004) a science fiction action film about AI robots that take over the world.
Will Smith plays the hero in I, Robot (2004) a science fiction action film about AI robots that take over the world.
Smith in I, Robot

On a National Level

AI security has also more recently become a national concern. Just a few days ago, the Biden administration said that it’s looking into accountability measures and concerns for current AI systems. They mention the potential national security and education threats that AI bots like ChatGPT can create. Some technology ethical groups have even joined the conversation, as a result of their concerns about the safety of AI. The Center for Artificial Intelligence and Digital Policy, for example, requested that the U.S. Federal Trade Commission stop OpenAI from releasing newer versions of ChatGPT. They claim that it’s “biased, deceptive, and a risk to privacy and public safety.” Bringing this to the attention of the United States government shows just how much of a concern modern AI advancements might be for national security.

Artificial Intelligence art 1/3
AI artist joooo.ann shows us that AI can be pretty beautiful.
Artificial Intelligence art 2/3
Artificial Intelligence art 3/3

Preparation & Prevention: Cybersecurity Measures for your Business to Take

Cybersecurity and Artificial intelligence

When it comes to cyberattacks, the best way to protect your business from any AI-based malware is by implementing top-tier cybersecurity tactics. Unfortunately, due to the novelty and limitless power (for now) that AI holds, it can be challenging to be fully protected but that doesn’t mean that no action should be taken. Taking the steps necessary to protect your device and network is essential. This includes:

it cybersecurity for business
  • Having Business-grade antivirus installed on all devices
  • Implementing two-step authentication and strong log-in information for all employees
  • Creating a policy that calls for a physical security key (like a Yubi key) for employees, executives and shareholders, to access any business accounts (whether at the office or at home)
  • Ensuring the security of both personal and work mobile devices, as well as any and all home office devices
  • Keeping all devices locked away and in a safe place
  • Investing in good cybersecurity awareness training to ensure your employees understand common threats, like phishing and other forms of social engineering 
  • Running frequent updates of operating systems (OS) and software to limit vulnerabilities
  • Deleting outdated software that’s no longer supported (meaning that the manufacturer has stopped releasing updates, which always include important security patches)
  • Replacing old, vulnerable devices that might pose a threat to your business
  • Constant network monitoring to always be one step ahead of attacks

We Get It

At Computero, we understand the value of high-quality cybersecurity and tech support. We help secure businesses like yours with the latest cybersecurity technology, to ensure that your operations, data and network are protected from the dubious intentions of cyber criminals. AI-based malware is still new and will only become a more frightening reality but with the right modus operandi and a reliable IT service provider to implement it, your business can stay protected. We offer a multitude of services like 24/7 server and network monitoring, business-grade antivirus, desktop and application management, helpdesk, and so much more.

A Final Note on AI and Malware 

The presence of AI in malware and phishing has become an apparent concern. For that reason, putting an emphasis on cybersecurity is a wise choice. Your business needs the right measures to safeguard its data, reputation, employees, and clients. A data breach, ransomware attack, or some other cyber threat, could be costly in so many ways, for anyone affiliated with your company. Do not take these risks lightly, as anything can happen at any time. Even the most intelligent cybersecurity experts cannot entirely predict the severity of what hackers will do. Especially with the new challenges that come with AI, tracking threats is becoming more complex. Protect your business by partnering with an information technology service provider like Computero today.

0 Comments

aruba

Pick your next post

Why Every Organization Needs Managed IT Services

Why Every Organization Needs Managed IT Services

When your computer battery dies, how do you get it to work? If your internet connection fails, how will it get back up? If you need to access storage from a lost or damaged device, how do you find it? With so much of our organizations relying on technology, it is...

read more
How Many IP Addresses Are There?

How Many IP Addresses Are There?

An Internet Protocol address (IP) uniquely identifies each device connected to the Internet. Computers connected to the Internet share information with a particular location using IP addresses. An IP address has two distinct versions. The older of the two Internet...

read more
What is Remote Desktop Protocol (RDP)?

What is Remote Desktop Protocol (RDP)?

Remote Desktop Protocol (RDP) is a secure layered network communication protocol developed by Microsoft that enables network administrators to diagnose problems that users encounter remotely and provide users secure remote access to their physical work desktop...

read more
What is a Brute Force Attack?

What is a Brute Force Attack?

A brute force attack is a hacking method where it uses the trial and error method to crack passwords, login credentials, and encryption keys. It is a simple but effective and reliable method for gaining access to individual account and organization systems and...

read more