The Changing Cyber Threat Landscape and the Benefits of AI and Machine Learning


Derek Manky, Head, Security Insights & Global Threat Alliances, FortiGuard Labs; and Jonas Walker, Security Strategist at Fortinet’s FortiGuard Labs, discuss the changing threat landscape and the role of artificial intelligence and machine learning in combating today’s cyberthreats.

Today’s threat actors rely on new tools and techniques to improve the effectiveness of their attacks. With attacks becoming faster, more agile and more sophisticated, maximizing artificial intelligence and machine learning approaches to defend against evolving attack techniques is essential.

We caught up with Manky and Walker to ask some of the burning questions that cybersecurity leaders will be intrigued to know the answers to.

What changes have you observed in the cyber threat landscape over the past three months?

Manky: We see weekly changes driven by three major factors:

  1. We see more speed, and speed can kill. We often talk about the fact that there is more sophistication and more threats out there. We know that, but what we’re seeing now is that there’s an element of agility here. Threats enter a system, reach targets, exfiltrate data, demand a ransom and exit a system – much faster than normal. This includes attackers who exploit new vulnerabilities, both zero-days and n-days. That’s one of the biggest concerns: this theme of speed in attack.
  2. The second thing we see is more aggression. You can imagine that when you combine them you get an even more potent mix, right? This is the problem. Yes, there is more speed, but there is also more aggressiveness. This includes double extortion, triple extortion themes and targeted attacks that we also see.
  3. Third, it’s about tactics, playbooks. There are more tactical approaches and two-step attacks that we see after doing reconnaissance to get information, including information from social media, for example. On top of everything we’ve talked about before, we’re still seeing more volume. All of this translates into more risk.

What new attack tactics do you see being used in the cyber threat landscape?

Walker: If we look at the Techniques, Tactics, Procedures (TTPs) and playbook aspect, we actually get the big picture on this. We look at real data at a very granular level. There are a lot of developments, but evading the defense is one of the best techniques attackers focus on. There are 42 different techniques associated with this.

In 2022, wiper malware was much more active than in recent years, which ties into the theme of aggression. It is a destructive malware that erases hard drives and master boot records of systems. We are also starting to see this connection to the world of extortion. We’re not just talking about data at risk, but system infrastructure at risk now.

Another popular attack pattern targets firmware. Firmware attacks can come from a variety of vectors, from malware and rootkits to infected hard drives, corrupted drives, and insecure firmware products. Hackers do not need to physically touch a device to carry out an attack. They can do this via remote connections such as Bluetooth and Wi-Fi. This means that the growing market for connected devices, such as game consoles, mobile phones and televisions, is becoming increasingly vulnerable to firmware hacking.

What can organizations do to protect against these attacks? How are AI and machine learning factored into the defense equation?

Manky: It is important to distinguish the differences and they are all necessary. First, you have the basic level – automation. Consider a threat feed with threat information and applied policies. Without it, organizations would be lost, quite frankly. For example, we respond to 100 billion threats a day with FortiGuard Labs, and the majority of them are automated. Automation is largely aimed at reducing the volume of detections and policies needed for speed, reducing reaction time and offloading mundane tasks from SOC analysts.

Where machine learning and AI come into play is for unknown threats. The question here is: how do you get a head start? AI is the action piece, while machine learning is the learning piece. Machine learning works on models and each application can use a different model. Machine learning for web threats is entirely different from machine learning for zero-day malware. Organizations must be able to do everything to protect themselves effectively against various attack vectors. By using machine learning and AI, you significantly reduce risk. Plus, you offload the costs of your OpEx model since you don’t need to rent to get out of trouble.

Walker: The other element is the conversation about skill gaps. Machine learning not only replaces, but also fills these gaps. We know there is a labor shortage globally, not just in cybersecurity, of course, but specifically in cybersecurity. How do you bridge this gap? Does it make sense to go and hire 20-30 people into your NOC or SOC – and even if you have the capacity to do so, can you find the people? This is where machine learning solutions can help skilled employees. An integrated approach such as a security framework is very powerful.

What additional safeguards do you recommend to protect against today’s cyber threat landscape?

Manky: In my conversations with CISOs, they often say to me: “I’m overwhelmed, there are a lot of attacks, a lot of information, how can we simplify this?” Actionable threat intelligence is the answer. Networking and security are converging and that is why you need to have actionable threat intelligence and security subscription services. Being able to detect and respond to threats, and to understand the threat landscape, is the first priority. Essentially, you need these three elements working in harmony: automation and orchestration, AI/ML, and escalation paths to SOC analysts on items that have been escalated as high priority.

Walker: Network segmentation is something I recommend as a very effective practical approach to reducing risk, as many of these threats can potentially penetrate a device system. If you segment it, it won’t be able to spread and hit other systems and create further downtime.

Manky: Besides that, Zero Trust and ZTNA are a hot topic these days. There’s a lot going on in networks, devices going in and out, apps turning on and off, and so on. The idea that nothing should be trusted in itself can greatly increase security; instead, trust must be earned. In addition to this, it is essential to simulate breaches and attacks and have a plan in advance. We often say: “It is not a question of knowing if, but when, there will be an attack.” Yes, you need to do all the prep work, but at the same time have a game plan.
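The segmentation recommendation above and the "trust must be earned" point are two sides of the same control: a default-deny policy between zones, so that a compromised host in one segment cannot reach hosts in another unless a rule explicitly permits that flow. The script below is an added illustration, not code from the interview or from Fortinet; the zone ranges, the allowed-flow table and the flow records are all constructed for the example. It evaluates each observed flow against the policy and reports the ones a flat network would have carried silently, which is the kind of check a SOC can run over exported flow logs to spot lateral movement that segmentation should have stopped.

```python
"""Added example: default-deny zone policy checked against constructed flow
records, to flag cross-segment traffic that a flat network would allow."""
from dataclasses import dataclass
import ipaddress

# Constructed zones; a real deployment takes these from its VLAN/firewall design.
ZONES = {
    "user_lan": ipaddress.ip_network("10.10.0.0/16"),
    "servers": ipaddress.ip_network("10.20.0.0/16"),
    "ot": ipaddress.ip_network("10.30.0.0/16"),
    "mgmt": ipaddress.ip_network("10.99.0.0/24"),
}

# Explicitly earned trust: (source zone, destination zone) -> permitted ports.
# Any inter-zone flow not listed here is denied.
ALLOWED = {
    ("user_lan", "servers"): {443},
    ("mgmt", "servers"): {22, 443},
    ("mgmt", "ot"): {22},
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


def zone_of(ip):
    """Map an address to its zone name, or 'unknown' if it is outside every zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def evaluate(flow):
    """Return (verdict, reason) for one flow under the default-deny policy."""
    s, d = zone_of(flow.src), zone_of(flow.dst)
    if s == d and s != "unknown":
        # Segmentation does not restrict traffic inside a single zone.
        return ("allow", f"intra-zone {s}")
    ports = ALLOWED.get((s, d))
    if ports and flow.dport in ports:
        return ("allow", f"{s}->{d}:{flow.dport} permitted")
    return ("deny", f"{s}->{d}:{flow.dport} not in policy")


def parse_flow(line):
    """Parse the constructed record format 'src=A dst=B dport=N'."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return Flow(fields["src"], fields["dst"], int(fields["dport"]))


def audit(lines):
    """Return (flow, reason) for every record the policy would deny."""
    violations = []
    for line in lines:
        flow = parse_flow(line)
        verdict, reason = evaluate(flow)
        if verdict == "deny":
            violations.append((flow, reason))
    return violations


# Constructed flow records standing in for exported NetFlow/firewall logs.
SAMPLE_FLOWS = [
    "src=10.10.4.7 dst=10.20.1.5 dport=443",   # user to web app: allowed
    "src=10.10.4.7 dst=10.10.4.9 dport=445",   # SMB inside user LAN: intra-zone
    "src=10.10.4.7 dst=10.20.1.5 dport=445",   # user to server SMB: denied
    "src=10.10.4.7 dst=10.30.2.1 dport=502",   # user to OT Modbus: denied
    "src=10.99.0.3 dst=10.30.2.1 dport=22",    # management to OT SSH: allowed
    "src=192.0.2.10 dst=10.20.1.5 dport=443",  # source in no zone: denied
]

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_FLOWS):
        print(f"DENY {flow.src} -> {flow.dst}:{flow.dport} ({reason})")
```

Two design points worth noting. Trust is keyed on zone pairs plus port, with an empty default, so adding a new segment changes nothing until a rule is written for it. The intra-zone branch is also the caveat: segmentation limits spread between segments, not within one, so the size of each zone and host-level controls still decide how far an intrusion can travel.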

Walker: Employee education and security awareness training are of course things that need to be implemented when dealing with cyber threats. Employees are often the first line of defense in many cases.
