privacysavvy

privacysavvy

Friday, September 29, 2023

[New post] AI for APT attacks

Site logo image Veronica posted: " There have been several reports on how humans can trick ChatGPT to write malware, but the possible applications of Artificial Intelligence (AI) in cyberattacks go beyond scripting malicious software. Kaspersky, a global cybersecurity company, disc" Hoodietek

AI for APT attacks

Veronica

Sep 2

There have been several reports on how humans can trick ChatGPT to write malware, but the possible applications of Artificial Intelligence (AI) in cyberattacks go beyond scripting malicious software.

Kaspersky, a global cybersecurity company, discloses that this network of smart machines can be utilized by cybercriminals in each stage of a sophisticated attack.

Noushin Shabab, Senior Security Researcher for Global Research and Analysis Team (GReAT) Asia Pacific at Kaspersky, reveals how AI can assist even in Advanced Persistent Threat (APT), a more targeted and sophisticated type of online assault.

"Beyond malware development, AI can be used in various stages of a sophisticated cyberattack. Nowadays, APT actors combine sophisticated techniques to evade detection and stealthy methods to maintain persistence. New AI developments can be of assistance to cybercriminals from reconnaissance stage to data exfiltration," warns Shabab.

As the name "advanced" suggests, an APT uses continuous, clandestine, and sophisticated hacking techniques to gain access to a system and remain inside for a prolonged period of time, with potentially destructive consequences.

One of the main characteristics of an APT attack is to gain ongoing access to the system. Hackers achieve this in a series of attack stages including reconnaissance (collecting information about the target, its systems, and potential vulnerabilities), resource development, execution, and data exfiltration.

Reconnaissance

Shabab shared that at present, there are at least 14 active APT groups operating in APAC.

One of which is Origami Elephant, known to acquire domains and virtual private server during its resource development stage. This threat actor (aka DoNot team, APT-C-35, SECTOR02) has been targeting the South Asia region with special interest in government and military entities mainly in Pakistan, Bangladesh, Nepal and Sri Lanka since the beginning of 2020.

The infamous cyberespionage and cybersabotage APT, Lazarus, utilizes social media platforms and messaging apps such as LinkedIn, WhatsApp, and Telegram to reach its targets. The adversary is also known for compromising web services like vulnerable WordPress websites to upload its malicious scripts.

"During reconnaissance, AI can help actors find and understand potential targets by automating the analysis of data from various sources such as online databases and social media platforms and by collecting information about the target's personnel, systems and applications used in a company's environment. Smart machines can even spot the weak entry points by assessing the company's employee details, third-party relationships, and network architecture," she explains.

As widely known, AI can also play a role in malware development, but Shabab also shared that AI can assist in automating tasks related to building attack infrastructure including purchase of network infrastructure, creation of accounts, and compromising network infrastructure and accounts.

Initial access

Shabab also revealed that spear phishing is still the preferred initial access technique for APT actors in APAC. Among the 14 active cybercriminal groups in the region, 10 use this tactic to break into their target's network.

Spear phishing is an email or electronic communications scam targeted towards a specific individual, organization or business. Although often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user's computer.

In this initial access stage, AI can help cybercriminals craft highly convincing and personalised phishing messages. These smart machines can also be trained to find the best entry point into target network and know the best timing to launch an attack.

"AI can analyse patterns in network and system activity and launch attacks during periods of low security vigilance or high noise. Thus, machines can assist cybercriminals to find the best timing for a phishing campaign to get initial access, into the victim's networks," Shabab explains.

This technology can also enhance traditional brute-force attacks by intelligently selecting likely passwords based on patterns, dictionaries, and previous breaches. By analysing patterns in user behaviour, social media activity, and personal information, AI algorithms can make educated guesses about passwords, increasing the chances of successful access.

Execution

During the execution stage, AI has the capability to adapt the behaviour of its malware in response to security measures, increasing the chance of a successful attack. AI-based obfuscation can also create polymorphic malware that changes its code structure to evade detection.

AI-chosen command and scripting interpreter can also analyse the target environment, understand system characteristics, and select the most suitable options for running malicious scripts or commands. AI-driven social engineering tactics could also increase the likelihood of users interacting with malicious files, enhancing the success of the execution phase.

Persistence

APT groups are known for the sophisticated technique to remain inside a network without being caught. Shabab shared that the most common techniques among APT actors in APAC to achieve persistence are:

  • Scheduled Task/Job: Scheduled Task
  • Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder

For this stage, AI can create the most suitable script to execute the malware based on user behaviour analysis. Threats actors can also develop AI-powered malware that can dynamically adapt its persistence mechanisms based on changes in the target environment.

AI-driven monitoring mechanisms can also track system changes and adjust persistence tactics accordingly and AI-guided techniques can also manipulate Windows Registry entries to update persistence registry keys and evade detection.

Data exfiltration and Impact

Shabab also explained how AI can help exfiltrate stolen data in a more stealthy and efficient way.

"AI can analyse network traffic patterns in order to better blend in with the regular network behaviours and determine the most suitable communication channel to exfiltrate data for each victim. It can even optimize obfuscation, compression, and encryption of the stolen data to avoid abnormal traffic detection," she adds.

She also warned that AI can assist in maximizing the attack impact by enhancing the effectiveness and efficiency of attackers' actions.

To boost enterprises' and organisations' defences against AI-assisted APT attacks, Shabab suggests the following:

  • Advanced security solutions: Implement security solutions that use advanced methods to monitor user and system behaviours. This can help identify deviations from normal patterns, potentially signalling malicious activities.
  • Regular Software Updates: Keep all software, applications, and operating systems up to date to mitigate vulnerabilities that attackers might exploit.
  • User Training and Awareness: Provide employees with training on cybersecurity best practices, including recognising and avoiding social engineering attacks and phishing attempts.
  • Multi-Factor Authentication (MFA): Enforce MFA for accessing critical systems and applications, reducing the risk of unauthorized access even if credentials are compromised.

To know more about Kaspersky's advanced security solutions, interested customers can visit: https://www.kaspersky.com/enterprise-security.

Kaspersky will continue the discussion about the future of cybersecurity at the Kaspersky Security Analyst Summit (SAS) 2023 happening in Phuket, Thailand, from 25th to 28th October.

This event welcomes high-caliber anti-malware researchers, global law enforcement agencies, Computer Emergency Response Teams, and senior executives from financial services, technology, healthcare, academia, and government agencies from around the globe.

Comment
Like
Tip icon image You can also reply to this email to leave a comment.

Unsubscribe to no longer receive posts from Hoodietek.
Change your email settings at manage subscriptions.

Trouble clicking? Copy and paste this URL into your browser:
http://hoodietek.com/2023/09/02/ai-for-apt-attacks/

WordPress.com and Jetpack Logos

Get the Jetpack app to use Reader anywhere, anytime

Follow your favorite sites, save posts to read later, and get real-time notifications for likes and comments.

Download Jetpack on Google Play Download Jetpack from the App Store
WordPress.com on Twitter WordPress.com on Facebook WordPress.com on Instagram WordPress.com on YouTube
WordPress.com Logo and Wordmark title=

Automattic, Inc. - 60 29th St. #343, San Francisco, CA 94110  

at September 29, 2023
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest

No comments:

Post a Comment

Newer Post Older Post Home
Subscribe to: Post Comments (Atom)

The Daily 3: Wellcare dropped 140,000 beneficiaries from zero-premium drug plans over unpaid premiums as low as $8.10—can't re-enroll until January, face lifetime penalty

Catch up in minutes with your daily briefing on the Social Security, Medicare & Retirement news that affects you most.  ‌ ‌ ‌ ‌ ‌ ‌...

  • Dork List
    ...
  • End of week Artemis update - July 18th 2025
    A round-up of our ILS focused news from this week ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌...
  • Artemis London 2025: Under two months to go
    Register now to attend at the lowest price ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌...

Search This Blog

  • Home

About Me

privacysavvy
View my complete profile

Report Abuse

Blog Archive

  • July 2026 (15)
  • June 2026 (75)
  • May 2026 (73)
  • April 2026 (94)
  • March 2026 (92)
  • February 2026 (76)
  • January 2026 (77)
  • December 2025 (79)
  • November 2025 (73)
  • October 2025 (88)
  • September 2025 (79)
  • August 2025 (71)
  • July 2025 (89)
  • June 2025 (78)
  • May 2025 (95)
  • April 2025 (85)
  • March 2025 (78)
  • February 2025 (31)
  • January 2025 (50)
  • December 2024 (39)
  • November 2024 (42)
  • October 2024 (54)
  • September 2024 (83)
  • August 2024 (2665)
  • July 2024 (3210)
  • June 2024 (2908)
  • May 2024 (3025)
  • April 2024 (3132)
  • March 2024 (3115)
  • February 2024 (2893)
  • January 2024 (3169)
  • December 2023 (3031)
  • November 2023 (3021)
  • October 2023 (2352)
  • September 2023 (1900)
  • August 2023 (2009)
  • July 2023 (1878)
  • June 2023 (1594)
  • May 2023 (1716)
  • April 2023 (1657)
  • March 2023 (1737)
  • February 2023 (1597)
  • January 2023 (1574)
  • December 2022 (1543)
  • November 2022 (1684)
  • October 2022 (1617)
  • September 2022 (1310)
  • August 2022 (1676)
  • July 2022 (1375)
  • June 2022 (1458)
  • May 2022 (1297)
  • April 2022 (1464)
  • March 2022 (1491)
  • February 2022 (1249)
  • January 2022 (1282)
  • December 2021 (1663)
  • November 2021 (3139)
  • October 2021 (3253)
  • September 2021 (3136)
  • August 2021 (732)
Powered by Blogger.