20 February 2025

AI as a weapon and a shield

Artificial intelligence (AI) is a catalyst in the realm of cybersecurity, turning it into a continuous battle between attackers and defenders. Cybercriminals are leveraging AI to launch highly targeted and increasingly hard-to-stop ransomware attacks. On the other hand, how can AI be used to defend against such sophisticated threats and help organisations keep up? Our colleague Petr Kocmich, Global Cyber Security Delivery Manager, provides insights into these and other questions.

How quickly can cybercriminals encrypt data using ransomware after infiltrating a system?

The time required can vary significantly. Some types of ransomware begin encrypting data almost immediately—within minutes of gaining access to a system. Others deliberately delay the encryption process to avoid detection and to thoroughly explore the victim’s environment. These attacks may take hours, days or even weeks before the actual encryption begins. In targeted attacks, cybercriminals often spend weeks or months inside the network before launching encryption to maximise damage and pressure on the victims.

How do cybercriminals use AI in ransomware attacks?

Artificial intelligence is playing an increasingly vital role in various phases of cyberattacks, including ransomware. AI can be used to craft highly convincing phishing emails that mimic the sender’s writing style and are personalised, increasing the likelihood that victims will click on malicious links. AI also assists with automated network scanning, identifying vulnerable systems, and cloning or optimising fake websites to make them appear as trustworthy as possible.

AI tools can significantly enhance the generation and optimisation of fake landing pages used in fraudulent schemes. These tools can generate visually appealing and credible-looking websites that closely imitate the legitimate ones. Moreover, they analyse the target audience and customise the content to appeal to specific demographic groups or user interests. This increases the likelihood that victims will click on malicious links. AI can even monitor the performance of these landing pages and make real-time adjustments, such as changing colours, text or layout, to maximise conversion rates (i.e. making the visitor act, such as filling out a form or entering credit card details), thereby improving the efficiency of fraudulent campaigns.

AI tools can further streamline and enhance cybercriminals’ reconnaissance and lateral movement across networks. By mapping network structure and topology, they can identify vulnerable systems and suggest optimal paths for lateral movement. By analysing behavioural patterns, they help attackers blend in and avoid detection. Machine learning can identify normal behavioural patterns and adjust malware behaviour to avoid generating suspicious activity that could raise alarms with security systems.

Finally, AI enables malware to actively breach security defences. AI-driven malware can adapt in real time to security measures. Using machine learning, malware can alter its modus operandi and signature to evade detection by modern security systems. This includes changes in behaviour, code encryption or adapting to firewall and antivirus settings.


Can you give specific examples of ransomware operations that use AI?

One example is Emotet, malware that uses AI to improve its phishing campaigns, increasing infection rates. TrickBot, another dangerous malware, employs AI for automated network reconnaissance and adaptive behaviour, allowing it to adjust to security measures it comes across. Ryuk, known for its targeted attacks, uses AI-powered tools for network reconnaissance and privilege escalation before deploying ransomware.

Does it also work the other way around? Can AI defend us against ransomware attacks?

Yes, absolutely. For instance, by monitoring and analysing network traffic, AI can detect anomalies and unusual behaviour in real time that may indicate the presence of malware. This means AI can identify and respond to potential threats before an attack causes harm. It can even respond automatically to threats, for example, by isolating infected devices from the network. AI also enables predictive analysis to help anticipate potential attacks and recommend proactive measures. Improved phishing detection and endpoint monitoring are other key areas where AI significantly improves protection.

Can AI tools automate incident response?

Yes. This includes the aforementioned isolation of infected devices as well as the coordination of various security tools and processes, ensuring a rapid and effective incident response. Such automation not only reduces response time but also minimises human error in managing incidents.

How can AI contribute to predictive analysis and cyberattack prevention?

Predictive analysis is one of the key areas where AI will play a critical role. Using predictive models, AI analyses historical data and current trends to anticipate possible future attacks. This allows organisations to take proactive measures and prepare for potential threats. AI also helps in vulnerability and patch management by identifying system weaknesses and recommending prioritised fixes based on the potential attack likelihood and severity.

Phishing attacks are also on the rise. Can AI detect or prevent them?

AI can analyse email messages and attachments to identify phishing attempts using pattern recognition and contextual analysis. This includes detection of suspicious elements, such as unusual links or language that may indicate a scam. AI also helps defend against spear phishing by analysing personalised messages and blocking those containing fraudulent elements.

Are there benefits to using AI in Endpoint Detection and Response (EDR)?

Yes. AI supports the monitoring of endpoints such as servers, workstations, mobile devices and tablets, and detects suspicious activity that may indicate malware presence or intrusion attempts. It can also conduct forensic analysis of compromised systems to identify the source of the attack and recommend remediation measures to prevent future incidents. This improves both the speed and accuracy of threat detection and response.

Can AI tools improve security operations and management in a Security Operations Centre (SOC)?

Absolutely, by reducing false positive events or incidents: AI analyses and filters security alerts, enabling security teams to focus on real threats. AI also supports proactive threat hunting by identifying both known and novel attack patterns.

What role do you foresee AI playing in the future of cybersecurity?

The potential of AI in cybersecurity is immense. With ransomware attacks becoming ever more sophisticated, AI will be pivotal in detecting and preventing these threats. Thanks to its capabilities in detection, response, prevention and analysis, organisations can better protect their systems, minimise the impact of attacks and improve overall security effectiveness. The development of advanced AI technologies will allow a faster and more efficient response to incidents, reducing the risk of successful attacks. However, as defenders improve their AI capabilities, cybercriminals are also expected to continue enhancing their own AI tools, creating a perpetual fight between attackers and defenders.