Continue reading this on our app for a better experience

Open in App
Floating Button
Home Digitaledge In Focus

Getting ahead of the surging wave of GenAI-powered ransomware

Jeremy Pizzala and Steve Lam
Jeremy Pizzala and Steve Lam • 6 min read
Getting ahead of the surging wave of GenAI-powered ransomware
Here's how "AI for Cyber" and "Cyber for AI" approaches can help enhance cybersecurity posture. Photo: Unsplash
Font Resizer
Share to Whatsapp
Share to Facebook
Share to LinkedIn
Scroll to top
Follow us on Facebook and join our Telegram channel for the latest updates.

The emergence of artificial intelligence (AI) and specifically generative AI (GenAI) has been a double-edged sword for cybersecurity. On the one hand, these technologies can help businesses respond to cybersecurity threats in real time, while on the other, they are empowering attackers with more sophisticated and accelerated ways to conduct larger scale ransomware campaigns.

For years IT leaders have put cyber near the top of their priorities, investing in technology and tools to detect, halt and keep viruses and malware at bay. Employees have been constantly drilled with standard cybersecurity training on how to spot phishing emails and other threats. While AI is clearly bolstering security responses with higher automation and faster response, AI also threatens to roll back many of our past efforts. Threat actors today are tooled up to unleash a wave of new threats at unprecedented speed and levels of sophistication that bypass current cyber defences – although fortunately we’ve seemed limited impact so far.

For businesses today, they must holistically reevaluate how they look at GenAI, how it impacts people and process and how best to integrate it into their operations to prepare for known and unknown threats looming on the horizon.

GenAI and ransomware today

GenAI and other AI software’s analytical capabilities and operating speeds have given bad actors the potential to generate a plethora of malware programs in rapid timeframes. These never before seen, unique viruses, also known as “zero-day exploits” are not recognised instantly by cyber defenders and anti-malware software and are becoming more commonplace in ransomware attacks.

A significant development in the evolution of ransomware has also been the ransomware as a service (RaaS) business model. As the name suggests, these are groups of people that sell ransomware to other bad actors who do not wish to or cannot develop their own. If you keep in mind the growing ease of generating unique malware, we can be looking at a rapid increase in new malware programs which will be more difficult for basic endpoint detection software to keep up with.

See also: Why an AI-ready network is critical and how to build it

Ransomware attackers are no longer purely after data, but rather they aim to shut down or compromise the operations of a company which will force boards to respond to their demands. Supply Chain, utilities, manufacturing and logistics are historically enterprises that have underinvested in cyber. Ransomware attackers are taking note of these gaps and exploiting these existing vulnerabilities.

As companies around the world move towards increased digitalisation and more sensitive data than ever is stored on the cloud, these trends are especially worrying. For modern businesses, the next critical step is to look beyond perimeter protection and look within.

Fighting fire with fire

See also: Simplifying the path to AI

The solution lies in the threat itself: GenAI. Companies can utilise the software itself to minimise the window of opportunity that bad actors have when attempting to gain access to their internal networks, and even stop them in their tracks. In order to reap the full advantages of having an AI-assisted cybersecurity team, we must first take a closer look at how we are integrating AI into our cyber work.

Corporations should firstly look to adopting an “AI for Cyber” approach where they implement AI solutions in their own cyber defences. Much like how the software is used as a tool for creating new malware, it can also improve the accuracy of malware detection, improve how we manage access to business assets and automate cyber defences to operate at line speeds.

For instance, machine learning and deep learning programmes that rely on statistical analysis can oftentimes help companies pre-empt zero-day exploits from gaining a foothold in their network or systems. By establishing and “learning” the elements of normal activity in a company network, the programs are better at detecting abnormal or out of the ordinary activity and weeding out intrusions in real time.

Alongside the “AI for Cyber” approach, businesses must also roll out “Cyber for AI”. As businesses become more reliant on AI to drive their primary lines of businesses, the number of potential targets for ransomware attacks grows. There will be new risks associated with the usage of AI and businesses should take active steps to mitigate these new cyber risks. This includes incorporating safe AI usage guidance within the business cyber framework and ensuring that data policies and technical controls are updated to account for the business use of AI.

A business that attempts to build resilience by ensuring that its data has been securely backed up, in immutable form, is a great example of one that is implementing resilience. In the event of a successful ransomware attack, the sensitive information can be retrieved safely and quickly, provided systems are backing up on a regular business. This will minimise business downtime while the threat is dealt with and reduce the net harm from a business and data perspective from the incident.

Building up resilience against ransomware attacks cannot stop there, however. Businesses must ensure they also incorporate other defence measures, such as investing in Business Continuity/Disaster recovery planning for cyberattack scenarios and running tabletop simulations of cyber-attacks for staff to know what steps to take in the event that data is compromised.

Privileged identities within an organisation – those that have database administrator access and advanced permissions – must also be managed very carefully since they are usually the ones to be targeted in sophisticated attacks. This requires a combination of not just software protection, but also employee awareness of the newer iterations of phishing and spear phishing scams that they might come across.

Phishing emails, which used to be synonymous with bad grammar and badly created graphics, are no longer as clumsy partially thanks to GenAI’s content creation capabilities. This means we must be more vigilant now than ever about how we interact with emails from addresses we do not recognise and update data security training for internal stakeholders to ensure that everyone is aware of the newer tactics and strategies being used by ransomware attackers.

In the world of cyber security, it is clear that prevention is better than cure. To truly defend ourselves against these up-and-coming threats, we must invest in our own Gen AI capabilities and AI software to create a more robust cyber defence while also having more advanced recovery protocols in place.

Jeremy Pizzala is the EY Asia-Pacific Cybersecurity Consulting Leader and Steve Lam is the EY Asean Cybersecurity Leader. The views reflected in this article are the views of the authors and do not necessarily reflect the views of the global EY organisation or its member firms.

×
The Edge Singapore
Download The Edge Singapore App
Google playApple store play
Keep updated
Follow our social media
© 2024 The Edge Publishing Pte Ltd. All rights reserved.