
Securing Systems Against AI Hackers

The most impactful technological innovations rarely stay confined to their original purpose and often come with unintended consequences. Consider the internal combustion engine, which enabled both life-saving ambulances and the machinery of modern warfare. Artificial intelligence (AI) is on a similar trajectory. With 88% of enterprises adopting AI, the technology is being celebrated for its remarkable potential to improve productivity. At the same time, AI is also emerging as a powerful tool in the hands of malicious actors.

This article explores AI’s potential to increase cyber threats, how to avoid malicious AI and cybersecurity threats, and how to ensure business continuity using cloud storage.

How AI is being used for hacking and cyber attacks 

How can AI be used for hacking purposes? Broadly speaking, AI expands the threat landscape in two ways: it amplifies and speeds up traditional cyber attack methods, and it creates entirely new attack vectors. AI accelerates the pace of cyber attacks by enabling hackers to create new threats more quickly than was previously possible. It also enhances attack automation, producing attacks that are harder to detect than anything that came before, such as AI-driven phishing threats. Generative AI (GenAI) is also being used to accelerate the development of malware that is difficult to detect and identify.

Overview of malicious AI and cybersecurity threats 

AI is affecting the cyber attack chain, enabling a shift from manual attacks to AI automation that improves the hacker’s target reconnaissance, threat delivery, and exploitation:

  • Reconnaissance — Hackers can build AI-powered reconnaissance and vulnerability discovery tools. These tools can quickly scan firewalls, servers, and cloud storage volumes for misconfigurations and weaknesses, such as unpatched operating system (OS) software, storage with public accessibility, and open or unused ports.

  • Delivery — AI-driven phishing threats include AI-generated spear phishing emails and deepfake deceptions. GenAI, derived from large language models (LLMs) and image generators, enables hackers to engage in sophisticated social engineering at scale. They can create fake user accounts to exploit privilege escalation. Alternatively, hackers can use AI-driven automation to harvest large quantities of personal information from social media and then instantly create thousands of highly personalized, plausible phishing messages.  
     
    Deepfake voice and video broaden the risk of executive scams, such as tricking financial employees into wiring funds to hackers’ bank accounts. By employing advanced AI-based natural language personalization, the attack can circumvent filters designed to detect phishing threats.  
     
    AI can also automate credential theft and enhance the effectiveness of brute-force attacks by optimizing password spraying and exploiting multi-factor authentication (MFA) fatigue. 

  • Exploitation — AI expands the range of malware possibilities. For example, GenAI software can quickly create intelligent malware that doesn’t possess a known threat signature. This deception tactic enables it to evade filters that search for known threat signatures. 
     
    GenAI can also rapidly create multiple versions of exploits, a process known as code mutation. 
     
    AI also benefits hackers through adaptive attack patterns that learn from failed attempts and use that knowledge to create more effective threat vectors. 

Automated attack chain elements are not a new concept. However, with the latest generation of AI, their capabilities have grown more sophisticated, and their pace and scale have increased.

Why traditional security countermeasures struggle against AI-based threats 

Conventional cybersecurity countermeasures and controls are deficient in mitigating AI-based cyber threats. They can work, but gaps and weaknesses create more risk exposure than occurred before the AI revolution changed the threat landscape.  

One big problem is that many cybersecurity countermeasures are signature-based. They are looking for evidence of attacks based on signatures of known threat vectors. This method does not work well against AI-created malware that attacks in hundreds of permutations—none of which carries a known signature.  

The scale of AI-based attacks can also overwhelm cyber defenses. Attacks can create a deluge of false positives, resulting in security analyst burnout and “missing the signal in the noise,” so to speak. End users can also become fatigued with MFA requests and reflexively approve malicious sign-ins without realizing that they’re letting attackers into critical systems. 

Prevention and defense alone are no longer sufficient as the basis for cybersecurity. With AI-based threats, it’s imperative to supplement defensive countermeasures with a robust resilience strategy. Only then will you be prepared to recover from inevitable attacks.  

Using cloud object storage to ensure business continuity and cyber resilience 

A resilience strategy is a key element of a defense-in-depth approach to defending against AI-based cyber threats. It goes beyond backups, basic business continuity processes, and disaster recovery (DR) planning. Today’s most effective resilience strategies combine architectural choices with specialized technology, particularly cloud object storage. Adopting best practices for cloud object storage as the foundation for a resilience strategy protects your data against ransomware and AI-driven attacks. 

The role of cloud storage in modern DR strategies 

How can enterprises ensure business continuity using cloud storage as a DR target? One way that cloud storage enables resilience is through the separation of compute and storage. This architectural decision achieves a crucial separation of concerns, enabling your security managers to protect data without compromising application functionality. Then, with cloud object storage, it is possible to use write-once-read-many (WORM) principles, coupled with immutable backups and immutable storage, to prevent backup encryption or deletion. 

Immutable means your backups are unchangeable and tamper-proof. If you’re attacked by ransomware, you can recover your data from your immutable backup without paying the ransom. 

Immutability establishes and enforces a logical air gap, creating a complete separation between data and threat vectors. Cloud-based isolation is the virtual version of the traditional on-prem air gap. It reduces the “blast radius” of damage from an attack.  

Zero Trust security, featuring MFA and access auditing, is an additional element of a resilient cloud backup strategy. It enforces the highest degree of least-privilege access to your backup repositories, making it difficult even for AI-based social engineering attacks to succeed.  

Utilizing cloud object storage with immutability and Zero Trust security yields several positive outcomes for business continuity. These include faster recovery times (RTO/RPO) and predictable recovery even during active attacks. 

Choose a cloud storage provider that offers strong cyber-resilience and immutability features, which include: 

  • The ability to define, enforce, and monitor data retention policies 

  • Support for multiple modes of compliance, such as the Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and so forth 

  • Application Programming Interface (API) controls 

  • Integration with predominant vendors for virtualization and backup management  

Wasabi checks all the critical boxes for protecting against AI-driven cybercrime by delivering cyber-resilient, immutable cloud storage with enforceable, monitored retention and support for regulatory compliance. It also offers robust API controls and seamless integration with leading virtualization and backup platforms through Technology Alliance Partners, such as Veeam, Dell Technologies, and IBM.

How organizations can protect data against AI-driven security threats 

How can you avoid the security threats posed by AI? The short and unfortunate answer to this common and understandable question is that you can’t avoid the threats. They’re coming at you, whether you like it or not. However, you can take several steps to mitigate the risks they pose.  

It is possible to defend against AI-based attacks and mitigate their impact using modern cyber resilience capabilities. 

Why AI threats require a new defensive mindset 

Protecting your data from AI threats requires a shift in mindset about security as much as a change in policy and tooling.  

With AI-powered attacks, for instance, you should assume that a breach has occurred. The fact that it hasn’t appeared on your detection systems means nothing. Protective measures and perimeters are going to fail. That is a simple reality with AI cyberattacks. Yes, your defense may catch most of the attackers, but some will get through. The question, then, is what should you do? The wisest course of action is to focus on data survivability. 

Some elements of the new defensive mindset include: 

  • Use AI to catch AI threats — Given the scale and variety of AI-based threats, the best countermeasures are those that use AI for defense. AI pattern recognition technology can spot hard-to-detect threats that may be hiding in plain sight. This method is often easier said than done, as AI-based threat detection is not a “set and forget” technology. Pattern recognition tools might spot anomalies that turn out to be benign and ignore patterns that actually represent threats. Continuous tuning is necessary for success.

  • Limit administrative access paths — Keeping a roster of privileged users who can access system administrative backends is a good security practice to employ in the face of AI-based threats and social engineering. This effort is partly a matter of policy definition, but policy enforcement is what makes the control effective. For example, if a policy requires MFA and strong passwords for privileged users, it’s essential to ensure that systems are configured to implement such policies.

  • Strengthen authentication for critical tasks — Deploy solutions that make it harder for a single admin to modify or delete data. For example, Wasabi Multi-User Authorization requires approval from multiple users and forms of verification before a sensitive task, such as deleting a file or an account, can be performed.

  • Automate backup verification and recovery testing — Backups are a key countermeasure to reduce the impact of a data breach or ransomware attack. However, without verification and recovery testing, you may be in for a bad surprise when you actually need to recover data that’s been destroyed.

  • Reduce AI attack impact through storage-layer security — The storage layer is the last defense against a data breach or ransomware attack. Assume that you’ve suffered a breach, and then assume that attackers will move laterally across the network and reach your storage layer. If the data is not well protected, it will get exfiltrated or destroyed. Immutable backups mitigate this risk.

  • Make backup data invisible or inaccessible to attackers — An additional data defense is to make your backup data invisible to attackers. Wasabi Covert Copy enables cloud storage users to create a locked, hidden copy of storage buckets, ensuring that critical data remains untouchable, even in the event of a ransomware attack. With Covert Copy, data is logically air-gapped and cannot be seen, accessed, modified, or deleted without Multi-User Authorization. This control protects it from any threat vector. Hackers can’t steal what they cannot see. 

Conclusion 

AI threats are here and will only intensify. If anything, we’re only at the beginning of a long cycle of AI-powered attack vectors growing increasingly sophisticated and difficult to detect.  

Defensive countermeasures are necessary, but it is a mistake to rely on them too much. Cyber resilience is a “must-have” for maintaining a robust security posture. With an effective resilience capability, you can be confident in having a rapid recovery even from the most advanced AI-based threats. In this context, making storage resilient is a strategic security decision. Countermeasures such as immutable backups, Multi-User Authorization, and Covert Copy all work to turn AI threats into manageable operational risks. 
