Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Bitfender. Show all posts

Bitdefender's Perspective on Weaponized AI and Its Impact on Cybersecurity

 


Taking cybersecurity seriously is one of the biggest things users can do to protect their company from cyberattacks. While discussing with Bogdan "Bob" Botezatu, Director of Threat Research at Bitdefender, to get a deeper understanding of what is happening today, including the ever-growing role that Artificial Intelligence is playing in the criminal arena as well as in security.

It has been Botezatu's job to defend Bitdefender customer data from ransomware attacks, as well as to carry out research into IoT vulnerabilities for the past 20 years. He has worked in the cybersecurity industry during this time.  As a result of artificial intelligence, many people tend to envision a sci-fi world in which robots will be taking over human society and their daily routines as its known today. It's important to keep in mind that artificial intelligence is already here, improving everyday technologies like e-commerce, surveillance systems, and many others daily. 

It is a belief that cybercriminals prefer to target anyone, regardless of whether they can gain immediate financial gain from it. Rather, simply infecting someone's computer is of great importance, since having access to that device is very useful to them. Cybercriminals can take advantage of passwords held by them by renting these passwords to other cyber-criminal organizations to send spam or use them as proxies to disguise various illegal activities. 

Hackers can also use stolen identity and personal information to commit fraud. As a result of the rapid rise of artificial intelligence (AI) within the cyber security industry, great cybersecurity players like Bitdefender and bad actors are engaged in an arms race aimed at harming them.  In the context of the Internet of Things, Botezatu found that the growing number of devices connected to the Internet every year is introducing significant cybersecurity vulnerabilities. This essay explains how these devices, in many cases, serve as a liability for users, as many of the bugs they contain are regarded as purely user-centric.

It is widely acknowledged that individuals are at risk of network breaches due to insecure IoT devices, privacy breaches due to vulnerable video surveillance equipment, or even attacks on household items like thermostats that render the devices useless. There is not only the individual threat, but also the collective threat: compromised IoT devices can be incorporated into large botnets that are capable of launching distributed denial-of-service attacks (DDoS), disrupting critical infrastructures, and potentially jeopardizing the whole Internet ecosystem as a whole.

It is recommended that users safeguard all the devices they have connected to the computer through a cybersecurity solution, such as Bitdefender's Family Pack, which manages essential security functions for users, so they can focus on their regular activities without having to constantly monitor their computers. Further, he believes that it is extremely important to keep the software updated, especially those that address security issues because these updates are vital to the prevention of vulnerabilities that could be exploited by criminals to gain access to users. 

The lack of awareness continues to be an ongoing problem in 2024, despite an increase in awareness. This is contrary to what Botezatu describes as the continued prevalence of a lack of password hygiene, such as the practice of reusing passwords across accounts or using weak or compromised passwords. As a result of data breaches, criminals can use these stolen credentials to commit widespread attacks in which they try to gain access to numerous accounts using the stolen credentials. 

According to Botezatu, for each account, it is recommended to use a unique and complex password that can be changed regularly when possible to increase account security. Using tools such as Bitdefender's Password Manager, which simplifies the process of creating strong passwords, helps make it easier to use and remember them, and also helps with users' online security. He also emphasizes that all compatible accounts should be enabled with multi-factor authentication, which serves as an additional layer of protection to the account security in addition to multi-factor authentication. 

In the present day, cybercriminals use artificial intelligence to produce convincing synthetic media, which include deepfakes, which are videos or audio created to simulate the appearance and voice of a real person. A substantial amount of money is lost as a result of using such technology in scams, and Botezatu mentions that elderly individuals - who often have a limited understanding of technological advancements - are more susceptible to these kinds of scams than younger individuals. 

His approach in mitigating this threat is to encourage younger members of the family to play an active role in making sure they are educated about and protected from this threat. He recommends having discussions with seniors about common scams, such as cold calls designed to gain access to a device or account even if no false statements have been made, to protect them from fraud. Also, the development of "safe" communication rules, such as the agreement on a keyword that can be used to authenticate a caller, can help prevent impersonation attacks in the family and enhance trust between members. 

It has also been found that AI is useful for confirming the authenticity of users. In Behavioral Analytics, artificial intelligence is used to detect individuals from a group of people based on things such as how they use the keyboard or move the mouse, Botezatu explained. As a result of the use of these technologies, it is possible to detect deviations that may indicate malicious activity, including insider threats, compromised accounts, or unauthorized access to the system. In the end, the best way to protect against cyber-attacks is to combine powerful cybersecurity technology with user's own vigilance and active surveillance.