Artificial Intelligence (AI) and Machine Learning (ML) tools could substantially help in the fight against cybercrime. But even these technologies can’t guarantee absolute security, and they could even be exploited by malicious hackers. Here we will consider some of the implications about the use of these new instruments in the cybersecurity sector. In 2020 cyber criminals pose a growing threat to all kinds of organisations and companies, as well as their customers. Businesses are doing their best to defend themselves, but it’s hard to predict what new types of cyberattacks will emerge and how they’ll work, which cyber criminals tend use in their favour. Artificial Intelligence and Machine Learning can give a decisive contribution to cybersecurity AI and ML are playing an increasingly important role in cybersecurity, powering security tools that can analyse data from millions of previous cyber incidents, and use it to identify potential threats or new variants of malware. These tools are particularly useful if we consider that cyber criminals are always trying to modify their malware code so that security software is no longer able to recognise it as malicious. By applying AI and ML, cyber-defenders are attempting to stop even the unknown, new types of malware attack. The machine-learning database can draw upon information about any form of malware that’s been detected before. Therefore, when a new form of malware appears, either a variant of an existing malware, or a new kind entirely, the system can check it against the database, examining the code and blocking the attack on the basis that similar events have previously been deemed as malicious. That’s even the case when the malicious code is bundled up with large amounts of benign or useless code in an effort to hide the nefarious intent of the payload. Tracking and analysing users’ behaviour But detecting new kinds of malware isn’t the only way that AI and ML technologies can be deployed to enhance cybersecurity: an AI-based network-monitoring tool can also track what users do on a daily basis, building up a picture of their typical behaviour. By analysing this information, the AI can detect anomalies and react accordingly. This way AI and ML enable cybersecurity teams to respond in an intelligent way, understanding the relevance and consequences of a breach or a change of behaviour, and developing in real time an adequate response. For example, if an employee clicks on a malicious link, the system can work out that this was not a normal behaviour and could therefore be a potentially dangerous action. Using ML, this kind of event can be spotted almost immediately, blocking the potential damage of an intrusion and preventing many criminal activities. And all of this is done without impacting the daily activity of the company, as the response is proportionate: if the potential malicious behaviour is on one machine, locking down the whole network is not required. A great support with some potential risks A huge benefit derived from the use of ML in cybersecurity is that the system will be able to identify and react to potential problems almost instantly, preventing the disruption of the business. By deploying AI-based cybersecurity to automate some of the defence functions, it’s possible to ensure that the network is going to be safe, without relying on humans having to perform the impossible task of monitoring everything at once. In fact, the growing volume of data and its variety make it practically impossible for humans to manage it and automated tools can greatly help in this sense. This statement is further supported when observing how employees operate on the network. Many large companies train their staff to improve cybersecurity, but it’s possible that some employees will attempt to take shortcuts in an effort to do their job more efficiently, which could possibly lead to serious security problems. AI and ML can manage this issue. Human cybersecurity staff will still be needed  While AI and ML do provide great advantages for cybersecurity, it’s important for companies to realise that these tools cannot completely replace human cybersecurity staff. It’s possible for a machine learning-based security tool to be programmed incorrectly, for example, resulting in unexpected attacks being missed by the algorithms. Something like this could lead to very serious problems and it must be taken into account right from the start. That’s why AI-based cybersecurity tools need to be regularly evaluated like any other software on the network. There’s also the risk that AI and ML could even create additional problems, because it’s highly likely that cyber criminals themselves are going to use these same techniques in an effort to make their attacks more efficient and disruptive. AI and cybercriminals A report by the Europol’s European Cybercrime Centre has warned that Artificial Intelligence is one of the emerging technologies that could make cyberattacks more effective and more difficult to identify than ever before. It’s even possible that hackers have already started using these techniques to conduct hacking and malware attacks. It’s very likely that by using ML, cyber criminals could develop self-learning automated malware, ransomware, social engineering or phishing attacks. Currently, they might not access to the deep wells of technology that cybersecurity companies have, but there exists code that can provide cyber criminals with access to these resources. In that case, it’s correct to assume that these instruments will soon be part of a criminal’s toolkit, if they aren’t already. While it may be unclear if hackers have used machine learning to help develop or distribute malware, there is already evidence of AI-based tools being used to conduct cybercrime. Last year, for example, it was reported that criminals used AI generated audio to impersonate a CEO’s voice and trick employees into transferring a great amount of money to them. Machine learning systems could also be used to send out phishing emails automatically and learn what sort of language works in the campaigns, what generates clicks and how attacks against different targets should be developed. Like any machine-learning algorithm, success would come from learning over time, meaning that it’s possible that phishing attacks could be driven in the same way security teams try to defend against them. Conclusion Having said all of this, if AI-based cybersecurity tools continue to develop and improve, and are applied correctly alongside human cybersecurity teams, rather than instead of them, this could help companies and governments stay secure against increasingly sophisticated and effective cyberattacks. Ultimately, AI could greatly help us in creating a world where our whole cybersecurity sector is much improved, thanks to a self-learning and self-healing network that can identify in advance negative behaviours and stop them from happening. In any case it’s clear that these new technologies will be at the heart of the cybersecurity of the future.

In the last few years, the Cyber-Security Research Center of Israel’s Ben Gurion University of the Negev coordinated by Dr. Mordechai Guri, has developed and tested several new types of malware that allow to covertly steal highly sensitive data from air-gapped and audio-gapped systems. Here we will briefly analyse some of the most surprising techniques that they have successfully tested.      What air-gapped systems are and the difficulty of hacking them The term “air-gapping” indicates a network security measure employed on one or more computers to ensure that a certain computer system is physically isolated from unsecured networks, such as the public Internet or an unsafe local area network. Air-gapped systems are considered a necessity in environments where sensitive data is involved, because they can highly reduce the risk of data leakage. The devices in these systems sometimes are also audio-gapped, which means that their audio hardware is disabled in order to prevent potential attackers from leveraging the built-in speakers and microphones to steal information via sonic or ultrasonic waves. It’s practically impossible to subtract data from this kind of devices, because there is no way to transmit the desired information outside of the system. Nonetheless the group of researchers guided by Dr. Guri has demonstrated that certain malwares and highly innovative ways of transmission can allow you to steal data even from these air-gapped devices.    Three of the most innovative hacking methods       Lately the research center of dr. Guri has worked on many different projects, all very innovative, even if not equally effective. Here we are going to summarize the details about three of their most revolutionary techniques. It’s important to note in advance that practically all of these methods work after the installation of very specific malwares into the targeted device or system.   Using Power Supply as an Out-of-Band Speaker Named “POWER-SUPPLaY”, the latest research is based on the use of a new malware that can exploit the computer power supply unit (PSU) to play sounds and use it as an out-of-band, secondary speaker with limited capabilities. Essentially, the air-gap malware regulates the workload of modern CPUs to control its power consumption and the switching frequency of the PSU to emit an acoustic signal in the range of 0-24kHz and modulate binary data over it. The acoustic signals can then be intercepted by a nearby receiver, such as a smartphone, which demodulates and decodes the data and then sends it to the attacker via the Internet. To make this method work, both the transmitting and the receiving machines must be located in close physical proximity to one another and they have to be infected with the appropriate malware to establish the communication link. Subtracting data by modulating the device’s screen brightness The researchers also invented a new method called “BRIGHTNESS”, basically a covert optical channel that allows to steal data by altering the levels of brightness of the targeted device’s screen. This covert channel is invisible, and it works even while the user is operating on the computer. Malware on a compromised pc can obtain sensitive data (e.g., files, images, encryption keys, and passwords), and modulate it within the screen brightness. The small changes in the brightness are absolutely invisible to humans but can be recovered from video streams taken by cameras such as a local security camera, a smartphone camera or even a webcam. The fundamental idea behind encoding and decoding of data is practically the same for all these methods, because the malware encodes the collected information as a stream of bytes and then modulate it as ‘1’ and ‘0’ signal. Stealing information from faraday cage air-gapped computers via magnetic fields The Cybersecurity Research Center has also developed two techniques that allowed them exfiltrate data from devices placed inside a Faraday cage. Dubbed “MAGNETO” and “ODINI”, both the techniques work even if the device is kept inside a Faraday shielding case, which blocks any type of inbound and outbound wireless communication (Wi-Fi, cellular, Bluetooth, etc.), and they even work if the smartphone or the pc is set on airplane mode. These methods make use of proof-of-concept (PoC) malware installed on an air-gapped computer inside the Faraday cage to control the magnetic fields emanating from the computer by regulating workloads on the CPU cores and use it to transmit sensitive data over the magnetic signals. The magnetic sensor of a smartphone located near the device can then receive the covert signals. A cybersecurity’s challenge for the future The Research Center has also tested many similar techniques that exploit other means of transmission, such as vibrations, audio-waves and even thermal signals. It’s clear that all of these innovative methods represent a real challenge for the cybersecurity of the future, because only new and more advanced security systems will allow companies to defend against these new types of cyber-attacks. It’s true that many of these techniques are quite fanciful and not completely viable in the real world, but they all bring to mind a consideration that has become a famous maxim in the world of IT security: the only safe PC is a switched off PC.