AI is revolutionizing the world of information security with its abilities to help identify attacks, draw conclusions and perform automatic response actions. But alongside this, the AI is also used to create fraud and cyber attacks. Ben Gelman from Sophos reviews the advantages and disadvantages of AI, its contribution to the field and the solutions offered by Sophos for organizations.
By Ben Gelman
The field of information security is undergoing a significant transformation with the development of artificial intelligence [AI] technologies. New AI solutions offer a wide range of options for protecting systems and data from advanced threats by performing automatic actions and drawing conclusions based on artificial intelligence and machine learning while improving the efficiency of security teams.
There are many aspects to artificial intelligence in cyber security. Sophos, like most providers, leverages artificial intelligence to optimize the detection of attacks and the execution of responses – activities that occur behind the scenes of the company’s security technologies and services. We integrate artificial intelligence into everything we do, from Sophos X-Ops threat intelligence to the latest cyber solutions, to enable our technologies and human experts to isolate and respond to critical alerts and incidents as quickly as possible. We will continue to develop the co-pilot AI security model to identify new threats and to fully automate our security operations to combat the growing threats.
Artificial intelligence continues to play a critical role in identifying, analyzing and resolving threats. With the addition of large language models, we expect improvements in all of our AI capabilities. We adapt s’LLM to improve effective threat detection models and develop our own co-pilot to standardize how human analysts interact with threat intelligence and incident resolution. Artificial intelligence is a necessary part of cyber defense and will integrate with the field more closely in the future.
The Dark Side of AI: Creating Fraud
Another facet of artificial intelligence is the use of fraud created by AI. SophosAI, which operates as part of Sophos X-Ops which investigates artificial intelligence in the security field, recently revealed how attackers can leverage artificial intelligence to create real-looking but malicious websites to lure and deceive users. In the report “The Dark Side of AI: Large-Scale Scam Campaigns Made Possible by Generative AI”, Sophos recently revealed how in the not too distant future an attack group could leverage technology like ChatGPT to commit massive scale scams with minimal technical skills.
Using a simple e-commerce template and an LLM tool like GPT-4, the Sophos X-Ops team was able to build a fully functional website with AI-generated images, audio and product descriptions, as well as a fake Facebook login page and a fake payment page, which can steal users’ passwords and credit information . The establishment and operation of the site require minimal technical knowledge, and using the same tool the research team was able to create hundreds of similar sites within minutes and in one operation.
It is natural and expected that cybercriminals will adopt new technologies to improve automation. The creation of spam was a critical step in fraud technology because it changed the scale of the playing field. The new AI tools are designed to do the same; AI technology can produce significant threats, and eventually it can be assumed that criminals will use it. We’ve already seen the incorporation of AI elements in classic scams, such as AI-generated text or images to lure victims.
However, one of the reasons we did the research was to try and be one step ahead of the criminals. By creating a system for creating large-scale fake websites that is actually more advanced than the tools criminals use today, we have a unique opportunity to analyze and prepare for a threat before it escalates.
This is another example of how Sophos makes every effort to innovate and constantly think of solutions, with the anticipation of the attacker’s next move in the background. Sophos, with its variety of solutions, can protect in a better way, in real time, for the simple reason that we are always thinking of the next thing and incorporating it into our cyber security solutions.
Cyber Security Solutions As A Service
As cyber attacks become more complex and effective, organizations will need to move towards managed services for cyber protection. Implementing internal security will become especially expensive and dangerous, as the requirements for secure operation increase. Cyber security solutions as a service, such as Sophos MDR, bring together human, infrastructure and AI expertise to tackle the newest threats. It is likely that we will continue to see beyond the concentration of the industry in the future.
An integrated artificial intelligence solution reduces costs and enables organizations to face the growing challenges in the field. The tangible benefits are many: accurate threat detection: AI systems based on machine learning are able to detect unusual and suspicious behaviors on the network, while identifying new and developing threats in real time; Automatic response to events: AI solutions can automatically respond to security events, blocking attacks and preventing potential damage; Advanced data analysis: AI systems enable in-depth analysis of security data, while identifying trends and exposing weak points in systems; Effective risk management: AI solutions help assess risks and allocate resources effectively, focusing on the most important threats.
Artificial intelligence improves the ability to identify suspicious patterns and behaviors that is not possible with manual systems. The statistical nature of artificial intelligence enables complex decisions about suspicious behaviors that cannot be replicated by human effort.
Ben Gelman is the Senior Data Scientist at Sophos