Cyber threat intelligence is a conceptual term with an international impact. Agencies around the world are racing to identify and stop cybercriminals from infecting and infiltrating networks to use our data against us. In this episode of No Password Required, Dr. Sagar Samtani, assistant professor of information systems and decision sciences at the University of South Florida, explains the cyber threat intelligence (CTI) life cycle and what you and/or your organization should do to help protect data assets and prevent cyberattacks.

Data is the prime target of many cybercriminals, yet what data they are searching for depends on their goals. Are they scraping for social security numbers? Obtaining passwords? Collecting credit card numbers? Or worse? And why? It’s hard to imagine all the ways that data can be exploited.

Your data is widely available, depending on where and how you store it and whom you give permission to access it. Personal choices, like having a smartphone, can be a gateway to someone collecting your data. Being on the grid means having a social security number, health insurance, and financial accounts; all these bits of information are housed somewhere, and cybercriminals know this. With the help of artificial intelligence (AI), cybercriminals are able to scrape data faster than ever before, and with the launch of quantum machines, our security choices will be paramount to protecting our identity and data assets.

Cyber threat intelligence is helping individuals and industries protect themselves by understanding what is important, what the exploits are, and how to respond effectively. It is also helping to refine artificial intelligence algorithms to better assist in threat analytics. Dr. Samtani describes how industries are responding to industry-specific cybercrimes and developing response standards, protocols, and frameworks. He gives the example of the healthcare industry and HIPAA compliance as well as financial institutions and their evolving PCI compliance protocols. Understanding why a data asset is a target is a key facet of the cyber threat intelligence life cycle.

 

What are the Four Phases of Cyber Threat Intelligence?

1. Identify what assets you (an organization) possess that hold value, e.g., a social security number, and how to protect those assets
2. Data collection that is relevant to those critical cyber assets
3. Threat analytics – whether traditional or AI techniques are being utilized
4. Operational Intelligence – how is the compromised data actually used or exploited

Dr. Samtani explains there are two basic types of cyber threat intelligence analytics. The first is the traditional type, such as malware analysis. The second category is quickly changing as artificial intelligence evolves: data mining, text mining, and natural language processing based on patterns and techniques. Building systems that are designed to log and report data is crucial to discovering breaches and reporting them to prevent further penetration.

 

Once Data is Stolen, Where Does it Go?

Dr. Samtani discusses how hackers, cybercriminals, and even geopolitical threat actors are using the data. He explains how the Dark Web is playing a role as a marketplace and toolbox for hackers. He details the four basic platforms--forums, Dark Web marketplaces, darknet carding shops, and Internet Relay Chat--that cybercriminals use to complete their tasks and possibly grow their notoriety. Hacker behavior on the Dark Web is unlike traditional crime circuits, where anonymity is preferred. There are tiers of hackers, and they can use their screen names to build their reputation for monetization, credibility, and recognition. Artificial intelligence is being fine-tuned to help detect cybercriminals through intelligent predictions.

 

Security Protocols and the Danger of Oversharing

Individuals, organizations, developers, and even marketers play a role in security. Developers who were once tasked with racing products to market are now evolving to build in protections against exploits. Cultures are changing to bring awareness of the dangers of oversharing and to learn from others’ breaches and incidents. Dr. Samtani and No Password Required host Bill McQueen discuss how oversharing can be as simple as answering a phone call that asks what version a piece of software is on, likening that to handing over the keys to a car.

 

The Study of Cybersecurity Science

As computing evolves, so do the crimes; the cybersecurity field is still in its infancy relative to where it could potentially be. Developing talented professionals to stop cybercriminals, building frameworks and protocols, and advocating for strong cyber cultures at home and in the workplace will be essential to the future. There is ample opportunity for employment and research in the field of cybersecurity, cyber threat research, and cyber threat intelligence.

 

TIME STAMPS

1:12 Who is Dr. Sagar Samtani

1:30 How Does AI Automate Cybercrime and Cyber Threat Intelligence

3:08 The Four Phases of the Cyber Threat Intelligence Life Cycle

7:43 How Do You Rate and Respond to a Cyber Threat

10:03 Industry Specific Frameworks for Threat Identification and Mitigation

10:24 Data Characteristics in Cybersecurity

11:20 Defcon and AI Village

11:48 Tuning Algorithms for Cybersecurity

12:54 How are Hackers Fighting Against AI Detection

13:53 Developing Organizational Strategies to Counter Cybercrime

15:19 Cybersecurity/AI Ethics and Rules

18:40 Dark Web & Data

19:38 Dark Web Platforms

22:53 Access to Dark Web Platforms

23:50 Hacker Notoriety – Reputation, Monetization and Detection

27:40 Developers & Cyber Security Protocols

29:35 Double-Edged Sword of Sharing Cybersecurity Capabilities

30:40 Operational Intelligence and Risk Management

31:58 Hacker Behavior on the Dark Web/Darknet

33:40 What Can We Do to Protect Ourselves? Following the CTI Lifecycle

35:44 Cybersecurity Science as a Legitimate Field