The alarms have been going off for some time about the growing role of AI in cyber attacks. In 2017, a survey of cybersecurity professionals found that 91 percent are concerned about AI-powered attacks against companies. More recently, an article in Fortune Magazine warned that the future of cybersecurity would pit artificial intelligence wielded by good guys against weaponized AI in the arsenal of bad actors.
According to Nicole Eagan, CEO of Darktrace, “It’s going to become AI against AI. It’s going to become a full-on war of algorithms.” It’s a sentiment shared by others in the industry.
“The threat from AI is growing,” warns Alfred Salmon, the director of cybersecurity at the College of Southern Nevada.
Smarter MSP caught up with Salmon, who also owns Rex Technology, an MSP in Las Vegas. He states that hackers are primarily using AI for recon missions and sending phishing emails.
AI helps hackers learn about their targets
By using AI, hackers can begin to develop algorithms that help determine which types of emails a specific person is most likely to open. For example, Sue in accounting never ignores an email from her sister or her utility company. AI can develop a “profile” of which type of email Sue will open so that hackers can then come up with a highly targeted, personalized phishing attack.
“AI can learn and adapt to changes, thus allowing the hacker to have AI do all the grunt work until they gain access. For one of my clients, I saw an attack that came from the same internet address for over a month. The interesting part is how the attacks kept adapting and changing,” details Salmon.
He continues, “The initial attack was a phishing email to everyone in the organization. The second attack occurred the next day, targeting only a specific group that had visited certain pages. The third attack sent several different emails with links to a fake website.” Turns out, the attackers were powered by an AI tool, using a “social engineer toolkit” and they were just modifying the payload.
Salmon says the rise of AI combined with kiddie-scripts are a potent force and he’s an advocate of MSPs using paid off-the-shelf products to combat these new threats.
Salmon’s MSP thrives in the shadow of Las Vegas’s neon lights, with clients ranging from casinos to manufacturing. He also does compliance consulting for medium and large organizations. Salmon says that MSPs and organizations will have to embrace defense tools that learn what is “normal” for an organization’s network, so that the IT staff or MSP to make corrective actions.
“These types of tools are only going to grow in importance and organizations need to have strategies to implement these effectively,” Salmon says.
Bigger threat than AI?
According to Salmon, there is an existing threat more menacing than AI: MSPs that cut corners on security.
“The biggest threat in cybersecurity are MSPs. One of the issues is how MSPs operate. Time is money, and many MSPs know that no one will check to see if certain security measures are in place. This lax type of thinking is the largest danger,” Salmon says.
In Salmon’s role as both an academic and cybersecurity professional, he says he has witnessed first-hand MSPs that dismissed violations as “unimportant.” In reality, violations of federal security mandates (like HIPAA) can leave a client exposed.
Salmon recently did a security audit of a city in northern California whose MSP was responsible for the networks that handled emergency services (police, EMS), government operations, and some state services. The MSP had claimed that plenty of protection was in place, but Salmon found otherwise.
“They didn’t do anything in terms of security. The owner of the MSP stated that if any client wanted certain security issues handled, it would be taken care of. However, if the client doesn’t ask, then the MSP wouldn’t do anything,” Salmon reported.
Often, people who don’t have a technical background rely on their MSP to guide them, in the same way that someone who doesn’t know much about cars is at the mercy of their mechanic.
According to Salmon, “The MSP knew that the client didn’t know what needed to be protected, nor did they know what legal regulations needed to be met.”
One problem is that some MSP’s don’t even offer security. The MSP makes sure the networks are up and running, and all the switches and routers are doing their thing, but they’ll scrimp on security.
“Many MSPs may not build security into their work contract, yet clients have the base expectation that MSPs should include security. I have dealt with many MSPs that say they handle all security needs, but they don’t follow basic best practices, nor do they follow regulations or laws,” describes Salmon.
Of course, SmarterMSP has found that the majority of MSP’s don’t cut corners and do their due diligence, but Salmon’s experiences are an excellent reminder to look in the MSP mirror and examine one’s services and transparency. That may end up being MSPs’ most potent weapon against the growing threat of AI.
Photo: PabloLagarto / Shutterstock
