How Australia can defend against AI-generated cyber attacks
By Steven Hocking, Senior Partner – Advisory, Tesserent
Wednesday, 07 February, 2024
To defend Australia against AI-generated cyber attacks, federal and state governments as well as the private sector must work closely together. Threat vectors haven’t changed, but AI is now making it faster, easier and cheaper for nation-state hackers and criminal syndicates to carry out attacks. This means data sharing between the Five Eyes and our other allies has never been more important. Together, governments need to identify emerging AI threats and provide advice to the private sector and citizens on what we need to address and be prepared for.
The rapid evolution of generative AI has not gone unnoticed by cybercriminals. While ChatGPT, Bard and others are gaining popularity in the business world, tools such as WormGPT and many others have emerged on the dark web. These enable threat actors to create more effective phishing emails and new malware variants at scale and faster than ever before.
The types of threats and risks facing governments and businesses in Australia are not new. According to the Australian Cyber Security Centre (ACSC), ransomware, email scams and business email compromise remain the most significant risks. But the capacity for criminals to create and deploy these attack methods is unprecedented and the increased automation that powers these threats has empowered unskilled threat actors.
AI is also enabling criminals to exploit disclosed vulnerabilities faster than ever before. The time between when a vulnerability is disclosed, such as when a patch is released, and when it is being actively exploited by malicious actors is shrinking. In 2022, Mandiant found that the average time between disclosure and exploitation was about a month. More recent research has found that time has shrunk to less than a week.
That’s the bad news. But there is good news as well. While the volume and velocity of attacks have increased, and threat actors are exploiting known vulnerabilities faster than ever before, tried and true defensive measures remain effective.
Sharing threat intelligence is critical
No organisation in Australia operates in a vacuum. Sharing information about successful and thwarted attacks is vital in the fight against cybercrime. The federal government shares information with its Five Eyes partners and there are formal networks such as the Australian Signals Directorate’s Australian Cyber Security Partnership Program. This program enables Australian organisations and individuals to engage with the ACSC and fellow partners to draw on collective understanding, experience, skills and capability to lift cyber resilience across the Australian economy.
There is immense value in industry groups, local business collectives and other informal arrangements that find ways to share intelligence about cybersecurity threats and risks. Cybercriminals focus on specific sectors that use common tools. For example, if a shared service provider to government is attacked, then that information needs to be quickly shared to minimise the risk to other departments and agencies.
The basics of cybersecurity still matter
The ASD’s Essential Eight has been around for well over a decade and has evolved to meet the changing nature of cybercrime. More than ever, it is a robust foundation for all government departments and agencies.
Ensuring all applications and operating systems are promptly updated with the latest security patches minimises the risk that a known vulnerability is exploited by criminals. It’s also essential that all application preferences and settings are configured to minimise the risk of intentional or accidental data loss.
Most information security breaches occur when user credentials and access are misused. Multi-factor authentication (MFA) is no longer a ‘nice to have’: all access should be protected with MFA and users should only have access to the systems and data they need to do their job. Similarly, the links between applications should also be locked down to ensure one breached application doesn’t lead to wider, more damaging attacks.
Regular backups must be undertaken and regularly tested. When a backup is complete, it should be physically and logically isolated from core systems. Many forms of malware start their activity by making backups inaccessible. Ensuring you have reliable backups will aid recovery should an attacker succeed in breaching your other security controls.
While there is a lot to be concerned about as criminals start using AI and other emerging technologies, a well-conceived and executed defensive cybersecurity strategy will continue to thwart most attacks. Following a set of robust guidelines such as the Essential Eight, or other standards such as NIST or ISO 27001, will help secure Australian organisations against emerging threats.