New paradigms for automation in cybersecurity are emerging from artificial intelligence and machine learning. Computers using AI and ML are built for a variety of fundamental tasks, such as speech recognition, learning and planning, and problem-solving. They make it possible for predictive analytics to make statistical conclusions to reduce risks while consuming fewer resources.

Data synthesis is undoubtedly helpful in cybersecurity for reducing threats. AI and ML in the context of cybersecurity can offer a quicker way to discover new attacks, make statistical inferences, and send that information to endpoint protection solutions. Due to the severe lack of experienced cybersecurity employees and expanding attack surface, this is extremely crucial.

In fact, cybersecurity can be greatly aided by artificial intelligence. The threat horizon informs everything you do. You must be aware of what is in your system and who might be acting in an unusual way. Automated cybersecurity systems for threat detection, information assurance, and resilience may act as the binding agents that allow businesses to use emerging technologies to their fullest potential while being operationally secure in a world of converging sensors and algorithms.

While AI and ML can be useful tools for cyber-defense, they also be used for offensive cyber- attacks. Threat actors can also utilize them to move more quickly exploit threat abnormalities. AI and MI are already being used by adversarial nation states and criminal hackers to identify and take advantage of threat detection model weaknesses. They employ a variety of techniques to do this. Their preferred methods frequently involve automated human-impersonating phishing attacks and malware that self-modifies to trick or even defeat cyber-defense systems and programs. They can also develop malicious code by using programs such as ChatGPT and others found in tools shared on the Dark Web or even from open sources.

Cybercriminals are already attacking and investigating the networks of their victims using AI and ML capabilities. Healthcare institutions in particular, small businesses, and organizations, that cannot afford major investments in defensive developing cybersecurity are primary targets.

A Terrifying Cyber-Threat: Polymorphic Malware

Malware that is continually evolving is challenging to both find and stop. Polymorphic malware can do that. Malware that can change its form, made possible by machine learning algorithms and ultimately artificial intelligence.

Malware that is polymorphic uses the idea of polymorphism to avoid detection rather than for efficiency. The concept behind polymorphic malware is that if a specific malware strain is recognized for having particular characteristics, future versions of that infection might avoid detection by making minor changes.

This makes it possible for countless malware files that all carry out the identical task to seem sufficiently distinctive to avoid detection as malware. All varieties of malware have been found to be able to contain polymorphic code, including ransomware, key loggers, rootkits, and adware.

Polymorphic malware is currently being shared more frequently by criminal hacking groups and might perhaps become a real issue in the future as it can circumvent two-factor authentication and other authentication security procedures.

Advanced Intelligent Botnets:

A group of internet-connected computers and other devices that are a part of a network under the control of hackers make up botnets. Like a biological virus, a bot can infect machines with malware and/or ransomware that can be self-replicating and harmful. Attackers frequently use Wi-Fi routers, web servers, and network bridges to attack PCs that aren't protected by firewalls and/or anti-virus software. In addition to impersonating real users, bots scrape IP, steal PII, overwhelm platforms, and do other things.

Unfortunately, criminal hackers have access to a wide range of tools, including those for key logging to collect passwords and the phishing attempts that can also be used to obtain information and identities by pretending to be businesses. Hackers are also successfully employing botnets for cryptocurrency mining to steal the bandwidth and electricity from unknowing machines. On the dark web and hacker forums, many of these more dangerous botnet tools are freely marketed and distributed.

Artificial intelligence and machine learning advancements have made it possible for botnets to easily automate and quickly scale up cyberattacks. Cybercriminals are increasingly using Bot-as-a-Service to outsource attacks. Although there are several other kinds of botnets, Distributed Denial of Service (DDoS)-style attacks are still regarded as the most frequent danger.

Ransomware – The Scourge Continues

Ransomware is a type of malware cyber-attack where key files are encrypted encryption by hackers that renders data inaccessible to the victim. It is a criminal extortion tool and after an attack has occurred, the hackers will promise to restore systems and data when ransom is paid by the victims.

The use of ransomware by hackers to leverage exploits and extract financial benefits is not new. Ransomware has been around for over 2 decades, (early use of basic ransomware malware was used in the late 1980s) but as of late, it has become a trending and more dangerous cybersecurity threat. The inter-connectivity of digital commerce and expanding attack surfaces have enhanced the utility of ransomware as cyber weapon of choice for bad actors.

Ransomware has increased because of new methods of malware delivery and the ability for criminal hackers to get paid via cryptocurrencies while remaining anonymous. Ransom demands, recovery times, payments, and breach lawsuits are all on the rise as the trend continues. Ransomware-based extortion by hackers who demand payment in cryptocurrency poses a potentially persistent and developing threat.

Digital Assets and Data Management by Baker Hostettler looked at more than 1,160 instances through 2022. The research reveals that threat actors continue to adapt and get access to the network through elusive malware, social engineering, "multi-factor authentication bombing," and credential stuffing, even though many firms have strengthened security and resilience.

In almost every industry, the average amount of time it took to recover from ransomware increased, "and in most cases, significantly." In 2021, it took little over a week on average for all industries to recover. The average recovery time in the retail, dining, and hospitality industries rose from 7.8 days in 2021 to 14.9 days in 2022 over the course of the previous year, or a 91% growth.

Supply Chains Require Cybersecurity Bolstering

The supply chain has historically been one of the areas where cyberattacks have been most vulnerable. Supply chain cyber-attacks can be perpetrated by nation state adversaries, espionage operators, criminals, or hacktivists. Their goals are to breach contractors, systems, companies, and suppliers via the weakest links in the chain. This is often done through taking advantage of poor security practices of suppliers, embedding compromised (or counterfeit) hardware and software, or from insider threats within networks.

The Colonial Pipeline and Solar Winds breaches, among many others, served as a spotlight on this. Protecting a company or organization from the widest range of cyber-attacks is a difficult endeavor, but when they are linked to other parties or vendors in a supply chain, the difficulty increases. The truth is that most businesses have lately discovered security issues in the software supply chain.

In the past year, nearly 90% of IT professionals identified substantial risks in their software supply chain, according to the Reversing Labs Software Supply Chain Risk Survey. More than 70% of respondents claimed that modern application security options do not provide the required safeguards. For the study, more than 300 business company leaders from around the world as well as technology and security experts at all seniority levels were polled.

"Almost all respondents (98%) acknowledged that problems with the software supply chain pose a substantial risk to the business, citing worries about vulnerabilities beyond the code, secrets being exposed, tampering, and certificate misconfigurations. It's interesting to note that, among technology professionals, more than half (55%) recognized harmful code (52%) and suspicious code (46%) as severe business risks. Nine Out of 10 Companies Detected Significant Software (globenewswire.com)

Quantum Computing – QDay is not Far off!

The primary risks that these systems will permit as well as the quick development of quantum computing are serious. Decryption of private information will be possible. Current cybersecurity protocols typically use pseudo-random numbers to encrypt sensitive information such as passwords, personal data, or even blockchains. Quantum computers can crack the methods traditional computers use to generate random numbers, posing a huge threat to any organization using standard encryption tools.

When full quantum computing comes online, public key algorithms will become vulnerable and perhaps obsolete – this is termed QDay. The urgency of a Q-Day was the subject of a lecture of mine for The Economist conference, “A look into Commercialising Quantum 2022 in London”. There is little doubt that quantum computers will be able to perform faster and more precise computations than classical computers and could pose geo-military threats if in the wrong hands. And that the same computing power that allows complex problems to be solved can, in turn, be applied to undermine cybersecurity. This is because current cybersecurity protocols typically use pseudo-random numbers to encrypt sensitive information such as passwords, personal data, and quantum computers can crack the methods traditional computers use to generate random numbers, posing a significant threat to any organization using standard encryption tools.

The primary risks that these systems will permit as well as the quick development of quantum computing are serious. Sensitive files will be able to be decrypted, and communications will be impenetrable to online attackers. To adequately safeguard crucial infrastructure for the quantum future, government agencies and companies will need to strengthen security initiatives across industries.

Machine learning and artificial intelligence, polymorphic malware, advanced botnets, ransomware, supply chains, and quantum computing are just 6 highlighted transformative areas where threat trends will need special attention from CISOs, CIOs, and security practitioners, The many others to watch and mitigate as cybersecurity challenges continually morph. Everyone digitally connected will need to remain vigilant and informed.

About the Author:

Chuck Brooks is a globally recognized thought leader and subject matter expert Cybersecurity and Emerging Technologies. Chuck is an Adjunct Faculty at Georgetown University’s Graduate Cybersecurity Risk Management Program where he has taught courses on risk management, emerging technologies, and cybersecurity. Chuck has served in executive roles both in government (a 2-time Presidential Appointee) and in industry. LinkedIn named Chuck as one of “The Top 5 Tech People to Follow on LinkedIn.” He was named “Cybersecurity Person of the Year for 2022” by The Cyber Express, and as one of the world’s “10 Best Cyber Security and Technology Experts” by Best Rated, as a “Top 50 Global Influencer in Risk, Compliance,” by Thompson Reuters, “Best of The Word in Security” by CISO Platform, and by IFSEC, and Thinkers 360 as the “#2 Global Cybersecurity Influencer.” He was featured in the 2020, 2021, and 2022 Onalytica "Who's Who in Cybersecurity" He was also named one of the Top 5 Executives to Follow on Cybersecurity by Executive Mosaic, He is also a Cybersecurity Expert for “The Network” at the Washington Post, Visiting Editor at Homeland Security Today, Expert for Executive Mosaic/GovCon, Contributor to SkyTop Media, and a Contributor to FORBES. He has an MA from the University of Chicago, and a BA from DePauw University.