Machine learning, swarm intelligence may drive cyberattacks in 2019: Fortinet
US cybersecurity firm Fortinet Inc. on Thursday said hackers could use machine learning and swarm intelligence to carry out attacks in 2019.
Machine learning is an artificial intelligence discipline that allows computers to observe, analyse, self-train, and learn by themselves. In swarm intelligence, various technological systems combine their strengths to work together in a coordinated way.
As companies increasingly adopt new technologies and strategies such as machine learning and automation, attackers may begin to use machine learning to develop automated fuzzing programs.
Fuzzing has traditionally been a sophisticated technique used in lab environments by professional threat researchers to discover vulnerabilities in hardware and software interfaces and applications. They achieve this by injecting invalid, unexpected, or semi-random data into an interface or program and then monitoring for events such as crashes, undocumented jumps to debug routines, failing code assertions, and potential memory leaks.
Once cybercriminals themselves begin to leverage machine learning to develop automated fuzzing programs, they will be able to accelerate the process of identifying vulnerabilities, termed zero-day vulnerabilities, in a controlled environment. The process is called zero-day mining or zero-day attack, which Fortinet predicts will see a lot of acceleration in the future.
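The fuzzing loop described above, as an added example that is not from Fortinet or the original article: a small mutation fuzzer a developer could run against their own parser before release. The record format, `parse_record`, `mutate`, `fuzz` and the seed input are all constructed for illustration; the `checked` flag switches on the bounds check that removes the planted defect.

```python
import random

class ParseError(ValueError):
    """Clean, expected rejection of malformed input."""

def parse_record(data: bytes, checked: bool = False) -> list:
    """Constructed toy format: b"RC", field count, then (length byte + payload) per field."""
    if len(data) < 3 or data[:2] != b"RC":
        raise ParseError("bad header")
    count, pos, fields = data[2], 3, []
    for _ in range(count):
        if checked and (pos >= len(data) or pos + 1 + data[pos] > len(data)):
            raise ParseError("truncated field")
        length = data[pos]  # unchecked path: IndexError when count/length lie
        fields.append(data[pos + 1:pos + 1 + length])
        pos += 1 + length
    return fields

def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Apply 1-3 random mutations: bit flip, truncation, or byte insertion."""
    buf = bytearray(seed)
    for _ in range(rng.randint(1, 3)):
        op = rng.randrange(3)
        if op == 0 and buf:
            buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
        elif op == 1 and buf:
            del buf[rng.randrange(len(buf)):]
        else:
            buf.insert(rng.randint(0, len(buf)), rng.randrange(256))
    return bytes(buf)

def fuzz(target, seed: bytes, iterations: int = 2000, rng_seed: int = 1):
    """Return ({exception name: first triggering input}, count of clean rejections)."""
    rng = random.Random(rng_seed)
    crashes, rejected = {}, 0
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            target(case)
        except ParseError:
            rejected += 1
        except Exception as exc:  # anything else is an unhandled fault worth triaging
            crashes.setdefault(type(exc).__name__, case)
    return crashes, rejected

SEED = b"RC\x02\x03abc\x02hi"  # constructed valid sample: two fields

if __name__ == "__main__":
    print("unchecked:", fuzz(parse_record, SEED))
    print("checked:  ", fuzz(lambda d: parse_record(d, checked=True), SEED))
```

The saved triggering input for each exception type is the reproducer to attach to the bug report and to keep as a regression test once the bounds check is in place.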
Another technique expected to be used extensively in the future is swarm-as-a-service, an attack technique that uses swarm intelligence. Technological advances towards swarm-based bots that can operate collaboratively and autonomously can significantly reduce the amount of interaction needed between hackers and the assisting crew in a criminal ecosystem.
These predictions about the nature of future attacks call for smart and sophisticated defences. Techniques include Advanced Deception Tactics, which involve introducing network variations around false information to repeatedly trigger false positives during mining attacks, thereby forcing attackers to withdraw or risk detection.
Yet another method, called Unified Open Collaboration, under which an organisation actively shares threat intelligence within the system, will allow security vendors and their customers to stay abreast of the latest threats. This will force the attacker to invest in newer attacks, and the costs may deter him/her from a life of cybercrime.