IT security teams are embracing new ways to include Artificial Intelligence (AI) Cybersecurity strategies to outsmart sophisticated cyber attackers. A majority of cyberattacks are targeting software applications and internet-connected devices across a wide range of use cases. IoT devices such as smartphones and desktops are particularly vulnerable to attacks that lead to data breaches, identity theft, misinformation scams, and financial fraud. By 2030, there will be close to 29 billion IoT devices connected to critical service providers for water and gas management, e-commerce, telecom, mobility and urban transportation, healthcare, and AI-based messengers. In 2024, one of the major challenges for CIOs and CISOs would be to keep IT infrastructure, including software and hardware assets, safe from cyber attackers.
“HP Wolf Security identified a surge in the abuse of Excel add-in (XLL) files in Q3. Macro-enabled Excel add-in malware rose to the 7th most popular file extension used by attackers, up from 46th place in Q2. HP Wolf Security detected attackers trying to infect devices with Parallax RAT through malicious Excel add-ins masquerading as scanned invoices.” – [HP Wolf Security Threat Insights Report Q3 2023]
October Cybersecurity Awareness Month: Top 50 IT and Security Professionals Share their Strategies
AI-powered security solutions for risk analysis, predictive intelligence, and identity and access management assist cybersecurity teams with unmatched ability to safeguard their digital infrastructure. However, there’s no guarantee that AI alone can protect everything your organization owns or stores. CIOs still lack 100% visibility into what their cybersecurity postures look like and what kind of preparedness is required to thwart a sophisticated cyber attack led by ransomware and zero-day attack vectors.
Advanced AI in cybersecurity can save organizations from becoming a sitting duck against digital attacks.
In our CIO Influence Predictions Series 2024, key executives from HP Inc. sat down with us. The executives are:
-
Alex Holland, Senior Malware Analyst at HP Inc.
-
Dr. Ian Pratt, Global Head of Security for Personal Systems at HP Inc.
-
Boris Balacheff, Chief Technologist for System Security Research and Innovation at HP Inc.
-
Michael Heywood, Business Information Security Officer at HP Inc.
Here’s a brief overview of our conversation with what each HP executive had to say about advanced AI in cybersecurity.
In 2024, AI will supercharge social engineering attacks on an unseen scale, spiking on red-letter days
Alex Holland, Senior Malware Analyst at HP Inc.
“In 2024, cybercriminals will capitalize on AI to supercharge social engineering attacks on an unseen scale: generating impossible-to-detect phishing lures in seconds. These lures will appear highly plausible and look indistinguishable from the real thing, making it harder than ever for employees to spot – even those that have had phishing training.
“We are likely to see mass AI-generated campaigns spike around key dates.
For instance, 2024 stands to see the most people in history vote in elections – using AI, cybercriminals will be able to craft localized lures targeting specific regions with ease. Similarly, major annual events, such as end-of-year tax reporting, sporting events like the Paris Olympics and UEFA Euro 2024 tournament, and retail events like Black Friday and Singles Day, will also give cybercriminals hooks to trick users.
“With faked emails becoming indistinguishable from legitimate ones, businesses cannot rely on employee education alone. To protect against AI-powered social engineering attacks, organizations must create a virtual safety net for their users. An ideal way to do this is by isolating and containing risky activities, wrapping protection around applications containing sensitive data, and preventing credential theft by automatically detecting suspicious features of phishing websites. Micro-virtualization creates disposable virtual machines that are isolated from the PC operating system, so even if a user does click on something they shouldn’t, they remain protected.
“Organizations will also use AI to improve defense against the rise in attacks. High-value phishing targets will be identified and least privilege applied accordingly, and threat detection and response will be enhanced by continually scanning for and automatically remediating potential threats.”
Beyond phishing, the rise of LLMs will make the endpoint a prime target for cybercriminals in 2024
Dr. Ian Pratt, Global Head of Security for Personal Systems at HP Inc.
“One of the big trends we expect to see in 2024 is a surge in the use of generative AI to make phishing lures much harder to detect, leading to more endpoint compromise. Attackers will be able to automate the drafting of emails in minority languages, scrape information from public sites – such as LinkedIn – to pull information on targets and create highly personalized social engineering attacks en masse. Once threat actors have access to an email account, they will be able to automatically scan threads for important contacts conversations, and even attachments, sending back updated versions of documents with malware implanted, making it almost impossible for users to identify malicious actors. Personalizing attacks used to require humans, so having the capability to automate such tactics is a real challenge for security teams. Beyond this, continued use of ML-driven fuzzing, where threat actors can probe systems to discover new vulnerabilities. We may also see ML-driven exploit creation APPLemerge, which could reduce the cost of creating zero-day exploits, leading to their greater use in the wild.
“Simultaneously, we will see a rise in ‘AI PCs’, which will revolutionize how people interact with their endpoint devices. With advanced computing power, AI PCs will enable the use of “local Large Language Models (LLMs)” – smaller LLMs running on-device, enabling users to leverage AI capabilities independently from the Internet. These local LLMs are designed to better understand the individual user’s world, acting as personalized assistants. But, as devices gather vast amounts of sensitive user data, endpoints will be a higher risk target for threat actors.
Latest AMD Report Finds, AI Development Outpacing Current IT and Security Readiness
“As many organizations rush to use LLMs for their chatbots to boost convenience, they open themselves up to users abusing chatbots to access data they previously wouldn’t have been able to. Threat actors will be able to socially engineer corporate LLMs with targeted prompts to trick them into overriding their controls and giving up sensitive information – leading to data breaches.
“And, at a time when risks are increasing, the industry is also facing a skills crisis – with the latest figures showing 4 million open vacancies in cybersecurity; the highest level in five years. Security teams will have to find ways to do more with less while protecting against both known and unknown threats.
The key to this will be protecting the endpoint and reducing the attack surface. Having strong endpoint protection that aligns with Zero Trust principles straight out of the box will be essential. By focusing on protecting against all threats – known and unknown – organizations will be much better placed in the new age of AI.”
In 2024, the democratization of AI tools will lead to a rise in more advanced attacks against firmware and even hardware
Boris Balacheff, Chief Technologist for System Security Research and Innovation at HP Inc.
“In 2024, powerful AI will be in the hands of the many, making sophisticated capabilities more accessible at scale to malicious actors. This will not only accelerate attacks in OS and application software but also across more complex layers of the technology stack like firmware and hardware. Previously, would-be threat actors needed to develop or hire very specialist skills to develop such exploits and code, but the growing use of Generative AI has started to remove many of these barriers. This democratization of advanced cyber techniques will lead to an increase in the proliferation of more advanced, more stealthy, or more destructive attacks. We should expect more cyber events like moonbounce and cosmic strands, as attackers can find or exploit vulnerabilities to get a foothold below a device’s Operating System.
Recent security research even shows how AI will enable malicious exploit generation to create trojans into hardware designs, promising increased pressure in the hardware supply chain.
44% of CISOs State Cloud & Infrastructure Security as their Top Priorities in 2023
“In the year ahead, businesses will need to prioritize actively managing hardware and firmware security across the device lifecycle, from the points of delivery to recycling or decommissioning. With today’s highly distributed IT infrastructures, it is critical to be able to rely on fleets of endpoint devices to operate as expected, throughout their lifetime. This means defending and monitoring the security, and in particular the integrity, of device hardware and firmware is increasingly central to protecting the supply chain of any IT infrastructure.
For years, this area of hardware and firmware security has been largely neglected, with businesses assuming that they were mostly protected by the high barrier to entry for such attacks. However, with increased attacker pressure, organizations must make internal investments or identify the right partners to help bring device hardware and firmware security management in line with the level of maturity they already expect in software security. And, given hardware procurement lifecycles, organizations should start now by setting requirements for robust built-in endpoint security, which is designed to support the secure verification, management, monitoring, and remediation of hardware and firmware.”
In 2024, attackers will continue to seek ways into the ground floor, infecting devices before they are even onboarded
Michael Heywood, Business Information Security Officer at HP Inc.
“In 2024, we’ll see the attention on software and hardware supply chain security grow, as attackers seek to infect devices as early as possible – before they have even reached an employee or organization. With awareness and investment in cybersecurity growing each year, attackers have recognized that device security at the firmware and hardware layer has not maintained pace. Breaches here can be almost impossible to detect, such as firmware backdoors being used to install malicious programs and execute fraud campaigns on Android TV boxes. The increasing sophistication of AI also means attackers will seek to create malware targeted at the software supply chain, simplifying the process of generating malware disguised as secure applications or software updates.
“In response to such threats, organizations will need to think more about who they partner with, making cybersecurity integral to business relationships with third parties. Organizations will need to spend time evaluating software and hardware supply chain cybersecurity, and validating the technical claims made by suppliers, to ensure they can truly trust vendor and partner technologies.
Organizations can no longer take suppliers’ word on security at face value. A risk-based approach is needed to improve supply chain resilience by identifying all potential pathways into the software or product. This requires deep collaboration with suppliers – yes or no security questionnaires will no longer be enough. Organizations must demand a deeper understanding of their partners’ cybersecurity posture and risk – this includes discussing how incidents have changed the way suppliers manage security or whether suppliers are segregating corporate IT and manufacturing environments to shut down attackers’ ability to breach corporate IT and use it as a stepping stone to the factory.
“A risk-based approach helps ensure limited security resources are focused on addressing the biggest threats to effectively secure software and hardware supply chains. This will be especially important as supply chains come under increasing scrutiny from nation-state threat actors and cybercrime gangs.”
And, that’s a wrap
For over 20 years, HP Inc. and its cyber threat detection and analyst team have helped organizations protect sensitive customer data, government systems, databases, and more. As IT security and networking professionals face the daunting task of managing their infrastructures in a hostile cyber landscape, the use of AI tools and solutions will become more ubiquitous in 2024. AI upskilling, leadership, and sustainable cybersecurity initiatives would separate leaders from laggards in the war against cybercriminals and nation-state threat actors.
