While Artificial Intelligence (AI) may have changed the cyberthreat landscape, providing attackers with new, unprecedented capabilities, it has - at the same time - bolstered cybersecurity defenders, delivering AI-powered tools that are faster and more efficient than ever before.
So says Roelof van Wyk, technical manager: South Africa at Exclusive Networks Africa, who maintains that, because cybersecurity continues to evolve around zero-day threats, the industry has ensured that it has taken advantage of AI to safeguard against AI-driven attacks.
Playing ‘tit for tat’
“While it’s true that AI can be used to determine a system’s vulnerabilities, write an automated script, or make it more difficult to detect an attack, this is merely the latest method attackers are using to target individuals and organisations. We’ve continued to see the traditional game of escalation between bad actors and cybersecurity vendors – as one side advances, so too does the other.
“For instance, the cybersecurity sector has used AI for improved threat intelligence platforms and automated incident response, as well as machine learning (ML) for behavioural analysis, making it easier to identify and track the specific patterns of viruses, and any abnormal behaviour on systems.”
According to Van Wyk, the Emotet virus is an excellent example of the role AI has played in both cyberattacks and cyber protection.
Discovered in 2014 as a simple banking Trojan that used social engineering techniques like malicious spam to steal people’s financial information, Emotet evolved into polymorphic malware, described by the US Department of Homeland Security as “…the most costly and destructive malware affecting state, local, tribal, and territorial governments, and the private and public sectors”.
Not only did the malware change its code each time it was called up, but, in 2019, it was discovered that Emotet’s new attack vector would infect a host through either a malicious script or link, or macro-enabled document files disguised to look like legitimate emails, which would then download and run a Wi-Fi Spreader module.
This meant that it could conduct a brute-force attack on any nearby devices with reachable Wi-Fi networks, discovering the usernames and passwords of any servers and computers connected to the Wi-Fi network, and repeating the Emotet infection cycle again and again. It would also open the door for other malware, like ransomware.
“User awareness and education obviously play a critical role in avoiding this type of social engineering attack, but at the same time AI and ML are significant factors in protecting against these sophisticated attacks. As was the case with Emotet, these technologies can learn the individual pattern of life of every user device and the network, determine what is considered normal and anomalous behaviour, and then be able to detect malicious email spamming and brute-force attacks more easily.”
Defending against threats across Africa
Interestingly, while the global cybersecurity workforce has reached an all-time high of 5.5 million, with over 400,000 individuals within the Middle East and African region[1], the demand for these skills still far outweighs the available head count.
“This makes the use of AI and ML within cybersecurity all the more important for the protection of personal data and identities, compliance with regulations like the South African Protection of Personal Information Act (POPIA), and secure data access and transfer,” Van Wyk states.
He outlines a number of cyberattacks that have recently taken place across Africa, including the following: in South Africa, offensives against the Companies and Intellectual Property Commission (CIPC) agency and the Government Pensions Administration Agency (GPAA); distributed denial-of-service (DDoS) attacks against Ugandan mobile providers claimed by the hacktivist group, Anonymous Sudan; a leading Nigerian fintech company reportedly losing $27 million in a breach earlier this year; and Kenya witnessing more than 1.2 billion cases of cyber threats in just three months at the end of 2023.
“It’s clear that African organisations need help, and our local channel can play an essential role here in helping them to bolster their defences,” notes Van Wyk. “By partnering with a trusted, focused cybersecurity specialist like Exclusive Networks Africa, regional channel partners can provide cutting-edge technologies to African businesses that leverage the latest advancements in AI and cybersecurity, with more sophisticated detection capabilities, allowing them to identify and respond to threats faster than ever before.”