The recently released IoT and OT threat landscape assessment and analysis report from Sectrio has revealed many previously unknown aspects of AI’s use in conceptualizing and executing cyberattacks. This report presents a detailed view of the models and techniques that hackers use to deploy AI for improving targeting, conducting scans, and automating the modification of ransomware to better exploit security gaps.
According to the report, hackers follow these foundational steps in their core model:
- Dataset creation and validation
- Assessing the potency of malware or scanning tools
- Mapping exploits and modifying malware to specific exploits
- Sandbox evasion testing
- Release in the wild
Sectrio’s threat researchers discovered one variant of Lockbit 3.0 that was modified with the help of AI. It appears that AI was used to conduct several editing runs, and the result was possibly tested in a sandbox environment by malware developers. The variant was released for a brief period in 2022. Hackers now have plenty of experience in conceptualizing and deploying malware using AI.
Page 8 of the IoT and OT threat landscape assessment and analysis report 2023 provides information on specific AI-based threats, their potential impact, and the timeframe in which such threats could manifest.
The evolution of AI-based malware and cyberattacks is still in its early days. In the next few years, hackers will deploy AI to identify potential targets for cyberattacks and will draw on a wide array of datasets and tools across scenarios such as these:
- Infrastructure-related data that covers existing application and network components and their replacement cycles
- Vacation patterns of key security personnel to identify potential windows to launch a crippling cyberattack
- Automated creation of new malware variants at specific intervals
- Procurement and supply chain footprint to identify potential procurements (with or without backdoors) that could open doors for the deployment of custom malware
- Internet and social media access patterns and potential passwords of employees, especially those with privileges
- BYOD-related security gaps: identifying employees' personal devices and zeroing in on one that could be used to carry malware into the target network
- Scheduling automated cyberattacks after considering all the above scenarios
- Triggering post-encryption negotiations, including automated VoIP calls and emails to the victims, and selective data leaks
- Automated management of the creation and operation of bot farms
Some of these scenarios are already playing out, while others could turn into reality in the months and years to come. The pace of the evolution of AI-based cyberattacks and malware development is a significant concern. Hackers have covered many milestones rapidly, and this means that they are betting big on AI and the use cases it affords.
CISOs and those connected with IoT and OT security need to watch out for AI-powered cyberattacks and make necessary changes to their infrastructure to detect and contain such cyberattacks. They also need to invest in developing programs to sensitize employees to prevent them from becoming unwitting pawns in the hands of hackers.
Wish to learn more about the latest tactics and strategies adopted by bad actors? Download the latest edition of Sectrio’s IoT and OT threat landscape analysis report and get ahead of the curve: The Global OT & IoT Threat Landscape Assessment and Analysis Report 2023
In case you wish to book a session on the findings of the report, reach out to us here: Contact Sectrio