Boston, Mass. Hacking a Tesla, “poisoning” an Alexa or sending a pdf with malware is not something impossible or far from reality. Artificial Intelligence (AI) is more present in your life than you think and this growth implies a risk: being a focus for cybercriminals.
The adoption of AI is accelerating and, according to the study , 35% of companies already use it and 42% are considering adopting some technology. These are its main use cases:
But you don’t have to be a big company to acquire AI. From the recognition of your biometric data on your cell phone, the automated messages in WhatsApp Business to the conversations with Alexa are AI technology.
But what are we talking about when we talk about AI attacks?
“We live in a new era of cybersecurity,” shared Gabriel Catropa, CTO of cybersecurity for LATAM at IBM. Cybersecurity no longer just means putting a password on our devices or not using the same password for different accounts. Faced with more sophisticated technologies, greater desire to attack them.
Catropa mentioned that there are three main industries that suffer the most cyberattacks on their systems: manufacturing, retail – wholesale and financial. And all of these are vulnerable to the following attacks:
1. AI attacks
- Steganography: This is actually an ancient art that involves hiding secret messages or objects behind a surface layer of content. Today it continues to happen but no longer on paper, but digitally. Any file can be modified to include malware, and using this technique, they can “jump” multiple firewalls undetected.
- Automation: AI can be used to generate automation messages for phishing.
- Refinement: As the name implies, neural networks are becoming more “refined” in order to crack passwords. According to Catropa, a 12-character password can already be cracked in a minute.
But not all attacks are generated by AI; also the attacks can be directed at the AI.
2. AI attacks
- Poison: AI works by learning and, like any human, its “mind” can also be “corrupted” with unwanted information. An example of Poison was the Tay Chatbot , a chatbot created by Microsoft for Twitter in 2016. Tay caused controversy because she was “poisoned” and started sending offensive messages.
- Evade: These are real-world attacks on computer vision, usually for facial recognition biometrics and autonomous vehicles – yes, even AI can be fooled.
- Harden: These are generic algorithms and reinforcement learning – like in OpenAI Gym – to evade malware detectors. This is why it is important to be constantly investing in cybersecurity, because they are evolving and changing with the same frequency.
3. AI theft:
Today you no longer have to physically break in and steal the machine; you just need their data. For example, the theft of machine learning models through public APIs.
What can be done?
“Cybersecurity is about people, strategies and technologies”, complements Catropa.
Believing that cybersecurity is the sole responsibility of the IT team is a misconception. Everyone in the company must be aware of cybersecurity risks and work together to know how to prevent and react.
On the other hand, among the strategies that companies have to take are, to begin with, protect and back up all data and have a Zero trust policy. This means, only giving the strictly necessary access to each person. For example, not because you are the CEO of a company you have to have access to all the information from your phone.
Finally, investing in technology for digital security is paramount. If you have security guards to access a building, why shouldn’t it be the same way in digital? have technological tools to have greater visibility, better automation and more analysis.