Cyber attackers using Gen AI more effectively than defenders: CYFIRMA founder

In the wake of the pandemic, the landscape of cybersecurity has undergone a radical transformation. Cybercriminals have extended their reach beyond financial motives. Meanwhile, the rapid adoption of cutting-edge technologies has provided malicious actors with a swift path to create chaos. In an interaction with TechCircle, Kumar Ritesh, Founder and CEO of cyber security company CYFIRMA, talks about how hacking groups are using artificial intelligence/machine learning (AI/ML), and deepfake innovations for their exploits. Edited Excerpt:  
 
What cybersecurity trends have you noticed since the pandemic, and how is your company adjusting to them?  

The post-pandemic world has brought significant changes to cybersecurity for attackers and defenders. Three trends drive a rise in cybercrime. First, cybercriminals' motivations expand beyond finance, joining state-sponsored groups for strategic hacking. Well-funded, these groups orchestrate cyberwar with clear motives, affecting commercial organisations. Despite investments in security, effective defense remains challenging.  

The second disturbing trend involves cybercriminals rapidly utilising new technology innovations for malicious purposes. Hacking groups are early adopters of advancements like AI, ML, and deepfake technology. They now use deepfakes to impersonate identities and spread disinformation, causing extensive disruptions. Defenders struggle to identify and counter these threats due to deepfake’s deceptive nature.   

The third trend to note is the increasing number of victims paying ransom during attacks. Previously at 3%, the percentage of organisations paying ransoms has surged to 37% in recent years. Attackers not only encrypt files and demand ransoms, but they also publicly share stolen data, pressuring and shaming victims into compliance.  

To help defenders adapt, organisations should be aware of their adversaries, recognise their vulnerabilities, understand their digital presence, assess their brand's appeal to cyber criminals, and be informed about their industry, technology, and location of cyber threats. This knowledge will aid in distinguishing responses based on the nature of attackers, whether they are state-sponsored, financially motivated, or inexperienced individuals. 
 
How can enterprises defend against cyber-attacks in the age of new technologies? 

The evolving threat landscape stems from economic, societal, technological, and geopolitical shifts that consistently influence the cyber realm. Guided by this understanding, we assist clients in their cyber defense strategy by emphasizing two key principles: understanding adversaries and self-awareness. To achieve this, we've developed DeCYFIR, a cloud-based platform for managing external threats. It offers a comprehensive unified threat management solution, empowering defenders with actionable insights to proactively thwart cyber threats. 

With our offensive cyber expertise and frontline cyberwar experience, we've pinpointed six crucial threat pillars for constant monitoring. Our AI and ML models analyse data at scale to predict attacks. These pillars include attack surface discovery, vulnerability intelligence, brand intelligence, digital risk monitoring, situational awareness, and cyber intelligence. 

We begin by identifying potential attack surfaces, encompassing IT and OT assets. We then pinpoint weaknesses and vulnerabilities in these surfaces. Simultaneously, we evaluate your brand's appeal to potential threats. We assess your digital footprint, searching for risks like exfiltrated files, source code, and impersonation. Our situational awareness includes industry-specific cybercrime trends, technology insights, and geolocation-specific threats. We analyse cybercriminal exploitation of your technology stack. Geolocation matters due to varying threat landscapes.  
 
How do cyberattacks differ in India compared to other countries? 

Our research indicates a growing trend of broader and deeper collaboration among threat actor groups, often state-sponsored, driven by geopolitical motives. Notably, India faces threats from state actors such as North Korea, Russia, and China, which jointly employ cyberinfrastructure, malware, and tactics to target the Indian government and businesses. This global shift sees hacking-as-a-service emerging as the norm for attack recruitment, planning, and execution. Nation states now opt to hire hackers from different countries instead of directly launching attacks themselves. 

Our research reveals recent North Korean attacks on India employing tools originating from Russia and China. The acquisition of these tools by North Korea underscores the issue of cross-border hacking services. This highlights the need for a revamped approach to both responding to and monitoring cyberattacks. Such a strategy necessitates a platform that delves into the cybercrime community to monitor activities, collaborations, campaigns, infrastructure, and shared tools. 

Regarding India, our platform's telemetry shows a heightened interest from threat actors in data related to India's 20-year strategic plans for infrastructure, specifically roads, transportation, IT, and semiconductor research. India is actively developing its semiconductor sector to gain a competitive edge. Threat actors are also targeting pharmaceutical, healthcare, and India's data-rich startup ecosystem, putting citizen data at espionage risk. 
 
What role do technologies such as Generative AI play with regard to cybersecurity? 

Both cyber attackers and defenders employ generative AI, but attackers use it more effectively. Adversaries capitalise on AI/ML, deepfake, facial recognition, and Augmented Reality/Virtual Reality (VR) (AR/VR) to enhance hacking strategies against government agencies, businesses, and strategic targets, surpassing cyber defenders in technological adaptation. Facial recognition and AR/VR systems illustrate the extensive use of deepfake technology by cybercriminals. We predict that within two years, social engineering and phishing attacks will predominantly employ deep fakes, making defenders' tasks much harder.  

Malware capabilities have evolved significantly. Instead of creating static malware, hackers now build multi-behavioural malware that adapts in real-time. Upon reaching a target, this malware assesses the environment and generates tailored malicious code, targeting various systems like Windows, Linux, Outlook, and mobile devices. This is powered by AI/ML engines, resulting in multi-behavioural, metamorphic, and polymorphic malware that dynamically alters their code as they spread. This approach allows hackers to continuously exploit vulnerabilities with minimal coding effort.  

Generative AI is being used by hackers for reconnaissance, identifying, and exploiting weaknesses. On the defender's side, AI and ML are employed to comprehensively correlate information, automating the understanding of attack footprints and quickly assessing their applicability to various targets. Additionally, language recognition enriches threat monitoring capabilities. Generative AI also automates mundane tasks like report generation. Currently, it favours cybercriminals, but defenders are rapidly closing the gap. 
 
Are you noticing any new trends in the field of threat intelligence? 

Threat intelligence alone falls short as it often turns into a data feed for security controls. This leads cybersecurity teams to react to the generic information, lacking personalisation and causing what we term 'noise'. It resembles new malware — offering fragmented, partial, and limited data, impeding effective security measures and causing alert fatigue. Real intelligence necessitates personalisation, threat prioritisation, and attribution to hackers. This transitioned us from a threat intelligence tool to an external threat landscape management platform.

Organisations require a comprehensive tool linking gathered intelligence to infrastructure, digital footprint, brand, industry, technology, and geolocation. This fusion yields a prioritised action list for crafting responsive plans. 

Our target markets are now seeking an all-in-one solution for environment monitoring and capital/resource optimisation. Queries about cost, resource efficiency, noise reduction, prioritised and personalised threat management drive our ability to outperform competitors in addressing these concerns.