Digital with the Rapid Evolution of Artificial Intelligence
Artificial Intelligence and Cybersecurity: Allies or Threats?
- AI is advancing rapidly and is being integrated into all technological fields, including cybersecurity.
- AI is seen as a powerful defense tool, but it is also a dangerous tool useful to cybercriminals.
Problem: Is AI a strategic ally or a threat to be controlled?
Current Cybersecurity Landscape
- AI is used for:
- Behavioral threat detection (e.g., EDR/XDR)
- Automated triage of security alerts
- Hardening firewalls with machine learning
- But cybercriminals use it to:
- Generate ultra-realistic phishing
- Create malware that is harder to detect
- Carry out automated and targeted attacks (e.g., vulnerability recognition using AI)
Benefits and Risks
- The advantages:
- Reducing false positives in SOCs through intelligent analysis
- Faster incident response with task automation
- Anticipation of threats via machine learning (e.g., detection of abnormal patterns)
- Threats:
- Deepfakes and synthetic voices used to deceive voice-based or visual access controls
- AI-driven cyber weapons (e.g., robots that adapt to attacks in real time)
- False confidence from poorly trained or biased AIs, which may ignore certain threats
Case Study
1- Microsoft Defender for Endpoint uses AI to automatically block ransomware in less than a second.
2- In 2023, a deepfake voice imitating an executive was used to embezzle more than $250,000 from a UK company.
3- APT groups (see Appendix: Some Useful Information) such as Cobalt and Lazarus are experimenting with AI tools to optimize their intrusions.
Key recommendations
Protecting yourself against malicious AI:
- Train employees to detect malicious AI content (phishing, voice, deepfakes)
- Implement solutions capable of identifying AI-powered attacks
- Continuously and proactively monitor the evolution of automated cybercrime techniques
Leveraging Defensive AI:
- Equip yourself with emerging cybersecurity solutions integrating AI
- Implement an ethical and transparent framework for the use of AI
- Test and validate the effectiveness of AI tools with simulation exercises
AI can revolutionize digital defense, just as it can be an ultimate danger in the hands of cybercriminals.
4 Common Mistakes to Avoid
- Replacing human cybersecurity expertise with AI
- Neglecting AI’s boundaries, capabilities, and security
- Using generative AI without oversight in business workflows
- Minimizing malicious AI used by cybercriminals
Some Useful Information
- An APT (Advanced Persistent Threat) group is a group, typically sponsored by a state or a highly organized entity, that engages in espionage, data theft, and long-term sabotage. Such groups use advanced tactics, techniques, and procedures to target governments, critical infrastructure, and large corporations, and they pose a significant threat to sensitive information, national security, and business operations.
- The Lazarus Group, a North Korean state-sponsored APT, is one of the most notorious cyber adversaries, known for its espionage, financial theft, and disruptive attacks. Belonging to North Korea’s Reconnaissance General Bureau (RGB), Lazarus has been active since at least 2009, conducting operations aligned with the country’s strategic and financial objectives.
- The Cobalt APT Group uses comprehensive and powerful tools to assess the security of networks and systems, and to identify and exploit potential vulnerabilities and weaknesses.
Top 10 Advanced Persistent Threat (APT) Groups That Dominated 2024:
- Salt Typhoon (Chinese)
- Lazarus Group
- APT31
- APT41
- Kimsuky or APT43
- APT29 (Russian)
- Star Blizzard
- APT28
- Flax Typhoon
- Volt Typhoon


