
Sophisticated Solutions to Sophisticated Threats: the Use of AI

By Miriam Bello | Thu, 06/17/2021 - 18:27

Cyberthreats grow hand in hand with digital advances, but while tech solutions become more transformative and user-friendly, threats become more sophisticated and silent. During Mexico Cybersecurity Summit 2021, held on June 17, experts pondered how companies and providers can offer solutions that minimize the impact of cyberattacks.

In the coming months, cybercriminals are likely to increasingly attack the internet edge, the gateway between the company and cyberspace, warned Sebastián Russo, System Engineer Director at Fortinet. The internet edge is becoming a more attractive target thanks to the increase in networks, multiple environments and hybrid clouds, each with its own unique risks and vulnerabilities and all interconnected with each other. “When the edges are interconnected, cybercriminals will find advantages. This is increasingly common as companies sacrificed visibility for remote work. There are now more end users connected to the organizations’ networks and the lack of experience in remote work lends itself to more attacks.”

Companies have to take advantage of technology and the different analysis and processing options available, said Juan Pablo Diaz, CISO at Tecnología y Servicios de Seguridad Cibernética (TSSC). TSSC offers access to machine learning and big data security solutions. “TSSC has developed a model based on international best practices with the goal of standardizing processes and controls.”

Social engineering is another common problem. “There are efforts to exploit new internet providers and information sources such as smart TVs or intelligent systems like Alexa or Siri,” said Russo. These systems use AI and store user data, even financial data. “Some of them also have control of security sensors and cameras, so by violating them they can disable other security measures.”

Russo explained that trojans are also evolving to target internet edges, using users as a springboard to escalate to other devices and later to companies’ networks. Attackers also benefit from new technology: “5G engages users more and opens the door to advanced threats.” Devices can be hijacked to generate an orchestrated attack on the target system. “They can be feature-enabled to generate a massive attack.” The coordination of hijacked devices is further facilitated by 5G networks. These conditions open the door to cryptomining, in which “the computing power of thousands of hijacked devices is used for further illegal activities while unnoticed by the users of those devices.” This practice poses further risks because end users are unaware it is happening. “In the past, hijacking was easy to identify by the user. When they saw that their computer was performing poorly, they could format it and recover their data with a backup. Then everything was fine. Now secondary devices such as smart TVs can be hijacked but this is harder to notice.”

The evolution of ransomware is another concern. Ransomware is already more sophisticated and the convergence of devices and networks will only give attacks a greater reach, explained Russo. “Ransomware attacks affect the individual user financially. But they can also reach medical and security systems, which was the case when cybercriminals blocked some interconnected medical centers, sending ambulances to centers further away and compromising the lives of patients. It is a form of terrorism.”

Companies should act before it happens, Russo stressed. “There has to be a combination of tech, people, training and partnerships to exchange attack intelligence and prevent them.” To fight these threats, cybersecurity experts can build attack playbooks detailing the behavior and the sequence of steps used to show future users how to anticipate them. “As operators, we must ensure that systems are properly configured, ready to make automatic decisions.” Russo stressed that companies must invest in proactive defense and effective response mechanisms to react quickly to an unavoidable attack. Also, reducing the gap between skills and threats can only be done through education.

The overall lack of professionals specialized in cybersecurity at response centers is also a problem, explained Diaz. Also, companies often have a misplaced sense of security. “Even if companies think that they do not need protection, as long as they have public services, they show vulnerability. Thus, attacks through simple means such as phishing have increased.” TSSC has integrated different technical and technological solutions that use big data and machine learning to integrate data sources. “By integrating them, TSSC processes, catalogs, classifies and typifies them to know how to react and manage incidents. We can map compliance and non-compliance to data standards.”

Through state-of-the-art technology, TSSC can identify incidents and prioritize them in real time to detect and contain attacks. “We have taken advantage of technology to automate 85 percent of security operations. Services are automatically assigned to problems.”

Miriam Bello, Journalist and Industry Analyst