The security company Barracuda Networks published a new report in the form of a blog yesterday on the influence of AI on cyber attacks and how to defend against them.

The report is a summary of the more than 950 billion events recorded by the Barracuda Managed XDR Platform during the first half of this year. In these incidents, AI played a prominent role in both defense and attackers.

On the defensive

Those 950 billion incidents included thousands classified as “high risk.” A majority of these, the report said, were attacks aimed at identity theft, a form that is becoming more sophisticated.

Barracuda counteracted this by profiling accounts using AI. Each employee has a specific digital profile (how they work, when, where, etc.). Deviating from this, AI detection can help analysts determine more quickly whether malicious intent is behind it.

The top three high-risk detections recorded by Barracuda Managed XDR were:

• Registrations that are not geographically possible: Logins that occur in a short period of time between two widely separated geographic locations. There’s a chance it’s a VPN, but more realistically it’s an unauthorized login attempt.
• anomalies: Things that deviate from the normal pattern of an account, organization, or person. For example, it could be logging in and immediately logging out again, or unexpected access to a file. This may indicate malware or a phishing attempt.
• Communication with known malicious elements: Detection of a system attempting to connect to IP addresses, domain names, or files known to be malicious. This can also indicate phishing or malware.

attack

Every new technology is used for good and evil. This has always been the case throughout history, think iron, gunpowder or airplanes. AI is no different here. Attackers are only too happy to take advantage of this.

For example, AI models can create emails that are almost indistinguishable from the original. Then it becomes much more difficult for the average employee to judge whether the link is fake or not.

There are also AI systems that can learn and copy their opponent’s behavior. They can also learn from previous failed attack attempts or adapt to changes in their target’s defenses to identify weaknesses.

Late last year, Barracuda integrated its email security systems with Amazon Security Lake. Unfortunately, that hasn’t prevented a recent zero-day attack in the Barracuda Email Security Gateway from being exploited for a while.