Thursday, September 29, 2022

Automated cybercrime: fighting fire with fire

Automated cybercrime fighting fire with fire

The shift to remote work through digital innovation has prompted concerns about information security. With the growing scale, speed and efficiency of today’s artificial intelligence tools, automated cybercrime is on the rise.

One misconception that is all too commonly heard is that cyber criminals may have no reason to target certain individuals. Most people aren’t millionaires or company CEOs with valuable information to steal after all.

This however could not be further from the truth. Cybercrime is not necessarily about the monetary value on offer, but rather that every individual has something that a hacker might be able to exploit and monetize, and it doesn’t matter if they aware of it or not.

In traditional crime, a thief can only migrate or rob one individual at a time and come away with anything from spare change to a gold watch – the robbery stops there. In the cyberworld, a thief can rob an entire neighborhood or even city – so to speak – in a single swoop.

This type of attack is called ‘credential stuffing’. With the growing scale, speed, and efficiency of automated cybercrime tools, a hacker can steal many individuals’ personal data from less secure places, and use that same data to access higher value targets that people use their same passwords for.

This can also be disastrous for companies. 51% of people use the same passwords for both work and personal accounts according to DataProt. All of these individuals’ accounts are tiny windows among thousands or even millions of potential breach points in an automated cybercrime attack that could penetrate a large company’s data.

Anti-cybercrime teams and companies have long been fighting automation with automation to such an extent that the future of information security looks like a constant ongoing battle between two types of AI: the good and the bad.

In some major retail stores, as much as 90% of attempted logins are done by AI cybercrime tools, and many tools used today are also AI run defenses. However, if there is one lesson one can take from this, it is not to use the same password for multiple accounts, especially accounts linking to money or exchangeable valuables.