The real impact of AI on ransomware

Artificial intelligence is the biggest topic of 2024. While some are already tired of seeing AI constantly in the headlines, it will only become more prevalent. Keeping up with how it changes business practices is therefore critical. AI is undeniably disrupting most digital industries, including cybercrime.

As a result, it is important to cut through the hype and get to the facts about AI. A lot has been said about AI's potential impact on the global ransomware threat, but what is the real impact?

The AI Good Actors and Bad Actors

It's easy to be worried about the immense (and a little scary) potential future impact of AI on cybercrime and society, but it's more helpful to focus on the here and now. Currently, AI is just another tool at threat actors' disposal, but it does significantly lower the barrier to entry for criminals. The White House Office of the National Cyber Director (ONCD) and the Federal Bureau of Investigation (FBI) have warned that AI could make Americans' privacy more vulnerable by simplifying the extraction, identification, and exploitation of personal data.

Leveraging AI's assistance with coding has become common among legitimate programmers. Whether it's analyzing broken code or providing answers faster than Google, AI will play a role in supporting hackers just as much as developers. But while this might make ransomware gangs' lives easier, it won't necessarily make things worse for security teams: depending on who you ask, the AI-coded end product might even be worse.

That said, other present use cases are more impactful. AI algorithms can chart out architecture and endpoints, as well as identify vulnerabilities, by scanning networks or environments. Threat actors do this manually today, but AI will increasingly simplify this task and boost its effectiveness. Cyber attackers can also utilize AI to automate information gathering for more targeted attacks. These tools can scour the internet, especially social media, to collect as much information on a target as possible before launching phishing and social engineering attacks. 

The final common use of AI by cybercriminals is 'weaponized phishing,' but that is probably underselling it, as AI is the weapon. At its simplest, even the most commonly accessible AI tools can be used to create better phishing emails -- closing the language barrier gap that often makes such scams identifiable. This is another example of AI improving existing malicious activity, but voice cloning (aka deepfakes) of specific people, combined with automated information gathering, means the next generation of social engineering.

Impact on Security

While cybercriminals having more tools at their disposal is always going to be concerning, there are two things to bear in mind: first, security teams also have access to these tools, and second, AI will make cyberattacks more sophisticated and successful. For now, it isn't introducing any brand-new or entirely novel threats, so there's no need to tear up the playbook.      

AI is already a regular tool for bad actors and defenders in ransomware fights. While criminal groups leverage shadowy online markets for their AI-powered solutions, legitimate security companies have a much larger pool of resources at their disposal. This advantage is reflected in the sheer size of the industries involved. Though the $14 billion (2022) ransomware industry is significant, it pales in comparison to the $222 billion global security market.

On the security side, AI can be used for behavioral analytics, threat detection, and vulnerability scanning to detect malicious activities and risks. AI can be employed to monitor the system through vulnerability and entry-point scans, and to monitor activity on the system through behavioral analytics and data analysis. AI-powered security looks to forecast and capture threats before they become breaches. Advanced tools will instinctively respond to identified threats by alerting security teams or limiting access. Just like for attackers, most of these concepts currently exist in the form of firewalls and malware detectors, but AI is boosting their efficiency and efficacy.

There's no Substitute for the Basic Principles

So, even though AI will be used on both sides, it's not a case of creating some futuristic AI battle (as exciting as that may sound). For now, ransomware isn't changing, and attackers' tactics are staying relatively the same. This means tried-and-true security practices like digital hygiene and zero trust are still highly effective. Security must keep up, as ransomware prevention and resilience must always work.

Ultimately, the best practice remains the best practice. As AI-enabled ransomware rises, having several immutable copies of your data is more important than ever. When all else fails, backup and recovery are what make or break a business. Even the most advanced phishing attacks are futile when your immutable backup and recovery system becomes your saving grace.

As backup is your last line of defense, you must know you can rely on it. Again, the best practice has stayed the same here. That means following the 3-2-1 backup rule: maintaining three copies of your data, using two different types of media for storage, and keeping at least one copy off-site. A well-rehearsed recovery strategy is also a must-have. This includes scanning backups for infection and creating a recovery environment that is readily deployable whenever it is needed.
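
One way to check a backup inventory against the 3-2-1 rule and the immutable-copy advice above, as an added example that is not part of the original article. The inventory records, field names, site names and the `min_immutable` threshold are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample inventory (not from the article): one record per copy of
# each dataset, production copy included. Field names are assumptions.
INVENTORY = [
    {"dataset": "finance-db", "media": "disk", "site": "hq", "immutable": False},
    {"dataset": "finance-db", "media": "object", "site": "cloud", "immutable": True},
    {"dataset": "finance-db", "media": "tape", "site": "vault", "immutable": True},
    {"dataset": "file-share", "media": "disk", "site": "hq", "immutable": False},
    {"dataset": "file-share", "media": "disk", "site": "hq", "immutable": False},
    {"dataset": "file-share", "media": "disk", "site": "branch", "immutable": False},
    {"dataset": "hr-docs", "media": "disk", "site": "hq", "immutable": False},
    {"dataset": "hr-docs", "media": "tape", "site": "hq", "immutable": True},
]


def audit_321(inventory, primary_site, min_immutable=1):
    """Return {dataset: [findings]}; an empty list means the dataset passes.

    min_immutable is an assumed threshold; the article only says "several".
    """
    by_dataset = defaultdict(list)
    for record in inventory:
        by_dataset[record["dataset"]].append(record)

    report = {}
    for dataset, copies in sorted(by_dataset.items()):
        media = {c["media"] for c in copies}
        offsite = [c for c in copies if c["site"] != primary_site]
        immutable = [c for c in copies if c["immutable"]]
        findings = []
        if len(copies) < 3:
            findings.append(f"{len(copies)} copies, need 3")
        if len(media) < 2:
            findings.append(f"{len(media)} media type(s), need 2")
        if not offsite:
            findings.append("no off-site copy")
        if len(immutable) < min_immutable:
            findings.append(f"{len(immutable)} immutable copies, need {min_immutable}")
        report[dataset] = findings
    return report


if __name__ == "__main__":
    for dataset, findings in audit_321(INVENTORY, primary_site="hq").items():
        print(dataset, "PASS" if not findings else "FAIL: " + "; ".join(findings))
```

In the sample, `file-share` has three copies and an off-site one yet still fails, because every copy sits on the same media type and none is immutable.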

It's less daunting than it seems. AI isn't changing everything -- it's just a natural progression. Progression is the name of the game in cybersecurity -- you can't do everything, but you should do something. You can rely on the basic principles, so keep following those, keep up to date on best practices, and ensure you can trust your backup when all else fails.

Rick Vanover is Vice President Product Strategy, Veeam.

© 1998-2024 BetaNews, Inc. All Rights Reserved.