US cyber chiefs warn AI will help crooks, China develop nastier cyberattacks faster
It's not all doom and gloom because ML also amplifies defensive efforts, probably
Bots like ChatGPT may not be able to pull off the next big Microsoft server worm or Colonial Pipeline ransomware super-infection but they may help criminal gangs and nation-state hackers develop some attacks against IT, according to Rob Joyce, director of the NSA's Cybersecurity Directorate.
Joyce, speaking at CrowdStrike's Government Summit Tuesday, said he doesn't expect to see — at least not "in the near term" — AI used "for automated attacks that will rip through systems at speeds that are unfathomable today."
Machine learning and its chatbot offspring are "the tools that are going to flow and increase the pace of the threat," Joyce claimed. "It's not going to generate the threat itself." The usual caveats and limitations of today's large language models, in other words.
Miscreants can use ML software to develop more authentic-seeming phishing lures and craft better ransom notes, while also scanning larger volumes of data for sensitive info they can monetize, he offered. These tools may be handy while developing some stages of a cyberattack: generating boilerplate code for malware, sending out messages, gathering information about a target, and so on.
AI gives network defenders these same opportunities, Joyce added. "So for the next year we are going to be very focused: what tools come out that will … give us the advantage as defensive folks."
Joyce's keynote echoed earlier comments from Mandiant Labs senior principal Robert Wallace, speaking during a panel discussion on adversaries at the conference.
"AI is a very powerful tool that adversaries are using," Wallace said.
Over the past few months Mandiant has documented this usage, which includes Russian and Chinese cyber spies using AI to scan the internet for exploitable vulnerabilities. The two authoritarian nations also use automation to spew disinformation across social media channels.
"What's important to keep in mind: it's still an adversary on the other end of that AI," Wallace added. "At the end of the day, real intelligence or threat intelligence can trump artificial intelligence — at least when you're trying to disrupt adversaries in what they're doing."
Also during the summit: Joyce discussed the "big four" nation-state threats (Russia, China, Iran and North Korea), which he called "perennial problems," plus the growing scourge of criminals deploying ransomware and extorting organizations.
Russia has been a major focus for the US government since it invaded Ukraine last year, and for a series of data-wiping attacks.
Joyce said China is "the enduring challenge for us, past, present and future", citing the Hafnium campaign against vulnerable Microsoft Exchange servers in 2021.
That ransacking of systems was unusual in that, even after the Feds and private-sector threat hunters attributed the breach to China's state-sponsored crooks, Hafnium did not disappear but doubled down and "dialed up the scripts," Joyce said.
"They hit scan, and they parsed the whole entirety of the internet looking for vulnerable servers, and they threw an exploit at every single one they found," he said, describing it as a "massive land grab of tens of thousands" of devices exploited "for the purposes of smash and grab and prepositioning."
"Any exploited box was a good-exploited box because it was a pivot point, it was information, it was an opportunity, and that was just so brazen," Joyce added. "There's a boldness and a willingness to take operational risks because they're not seeing the downside of running those kinds of operations."
'Keep calm and carry the hell on'
On a different panel at the event, US Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly said state-sponsored groups from Russia, China, Iran and North Korea, plus other cybercriminals, "operate with relative impunity" in countries that provide them safe harbor or even incentives to target Western organizations and governments.
"We still are not at a level where we have a sustainable approach to securing our nation," Easterly said, adding that the big lesson learned from Ukraine in the ongoing Russian war "is the power of societal resilience."
"I don't think our country really showed that during the Colonial Pipeline" ransomware attack in 2021, she said. That infection, according to the Feds, contributed to the fuel shortages on the east coast of the USA when the pipeline was left inoperable for five days.
Fights broke out at US gas stations as supplies of fuel were delayed in some areas by the incident.
Easterly said the recent incursion of a Chinese spy balloon into US airspace catalyzed a resolve to create a sustainable security posture.
And while Easterly also used her talk to push secure-by-design technology, corporate cyber responsibility, and operationalized public-private cybersecurity collaboration like the Joint Cyber Defense Collaborative (JCDC) — all ongoing priorities she has advocated in the past — resilience is key.
According to Easterly: "At the end of the day, our ability to keep calm and carry the hell on is really going to be key to dealing with very significant nation-state threats." ®