
AI is helping drive a ransomware revolution and businesses must adapt to stay protected


For all the headlines that ransomware has grabbed in recent years, research indicates that while this is indeed a dynamic space, the actual number of ransomware strains making up the ecosystem at any one time is rather small.

While this may seem surprising at first, the perception of common cybercriminals as the ultimate masterminds behind this type of attack falls apart when we consider the expertise and volume of work required to develop the various tools involved in a successful attack. Instead, many resort to a wide range of ransomware-as-a-service (RaaS) offerings.

There is now another option available to both RaaS providers and their ‘customers’ that can help them scale and automate their attacks: artificial intelligence and generative AI in particular.


Vishal Pala, Senior Solutions Engineer – META, Barracuda

Attackers of all experience levels can use AI to increase the number of attacks that they can carry out, as well as improve the effectiveness of the attacks and help to overcome any limitations of their criminal set-up. This should be highly concerning for organisations in the UAE where targeted firms on average lose over US$1.4 million in ransomware.

What will the AI-driven evolution of ransomware look like? Criminals can use AI to automate time-consuming activities and optimise existing procedures. For example, they could use machine learning to blend in with normal activity, such as hiding data exfiltration within normal traffic.

This will make it more difficult for organisations to detect attacks and stop them. Or they could turn AI tools onto social media so that instead of manually researching one site to gather details, automated bots could consolidate research from multiple sites to make a more effective, faster phishing attack and drive the attacks out to a higher volume of potential victims.

More sophisticated attackers could even use AI to write and revise code with natural language prompts, which makes this step in an attack much easier and faster. This also means that cybercriminals can use less experienced staff to build attacks, and they can make better use of the most experienced engineers.

As a result of all this, we should expect a higher volume of ransomware attacks that are more sophisticated and more effective. But it’s not all bad news. AI can also be very effective in preventing AI-enabled attacks. To protect your organisation, you need to fight fire with fire by leveraging AI technology to detect, prevent, and recover from ransomware. Here are some best practices to consider:

1. Protect your email from phishing by using AI to help detect phishing emails — before they even hit your employees’ inboxes. AI technology can leverage machine learning models to scan through massive amounts of data in real time to identify suspicious activities or patterns. This includes detecting malicious file attachments or other indicators of compromise (IOCs) hidden within emails before they can cause damage to the network.

2. Protect your web applications. Your web applications are at risk if you have any web forms — you don’t need to have an e-commerce site to be at risk. These applications can be at risk from attacks by bots acting like humans to evade detection, unprotected APIs, credential stuffing and brute-force attacks. You need a web application firewall that can detect and protect with continuous machine learning to keep ahead of the AI that attackers are now using.

3. Protect your credentials. Zero Trust can add additional levels of security. It ties user credentials to a trusted device so that an attacker who has a stolen username/password will not be able to get network access.

4. Employee training. Training employees on how to recognise suspicious emails and attachments can go a long way in preventing successful phishing attacks that can lead to ransomware infections. AI can be used to improve your training so that it is more effective by identifying the employees most at risk and modelling attacks for employees so that they can recognise the latest methods before it’s too late.

5. Regular backups. It is essential to ensure that you have a regular backup schedule for all important data and keep those backups separate from the organisation’s central network so that you can recover from ransomware attacks. Your backups should also be well-protected with end-to-end encryption and strong access controls.

6. Employ AI-security solutions. Leveraging AI-based security solutions such as XDR can help detect and respond to ransomware attacks in real time. With XDR, AI attacks can be detected in hours where it might take weeks or months without AI-powered detection.

7. Keep software and systems patched. Always ensure that your organisation’s software and systems are updated with the latest patches to minimise vulnerabilities.

Cover all bases

AI technology has impacted ransomware by making the attacks more effective and increasing the volume of the attacks. With AI-enabled cybersecurity solutions, companies can mitigate the risks of ransomware attacks and minimise the impact they may have. Adopting a multilayered approach to ransomware will help businesses protect their reputation, customers, and bottom line.