Last Updated on January 20, 2024 by SPN Editor
JPMorgan Chase, the largest bank in the United States, is currently contending with an onslaught of approximately 45 billion daily cyber-attacks, marking a twofold increase within the past year. This notable surge underscores the escalating cybersecurity challenges confronting the banking industry, especially major entities on Wall Street. In response to these heightened cyber threats, JPMorgan Chase is committing an annual investment of $15 billion in cyber defense and has assembled a formidable team of 62,000 technologists, as disclosed by Mary Callahan Erdoes, the head of the bank’s asset and wealth management division. These insights were shared by Erdoes during a panel discussion at the World Economic Forum in Davos, Switzerland.
Erdoes underscored the imperative nature of this substantial cybersecurity investment, asserting, “We have more engineers than Google or Amazon. Why? Because we have to.” She further emphasized that cybercriminals are evolving in sophistication and speed, necessitating the establishment of a robust cyber defense infrastructure.
Banks throughout the United States and Europe have reported a notable surge in cyber-attacks in recent years, with some attributing this increase to Russian entities responding to sanctions imposed following the invasion of Ukraine. The rapid progression of artificial intelligence (AI) has also played a role in amplifying the intricacy of these cyber threats.
Gita Gopinath, deputy managing director of the International Monetary Fund and a participant in the panel discussion, expressed concern about the use of AI by hackers. She cautioned about the potential occurrence of a major event before effective cyber defense countermeasures can be implemented. This apprehension aligns with a recent Bank of England survey, revealing that financial institutions perceive such attacks as the primary systematic risk to the sector. A survey conducted by KPMG last year found that over 70% of bank executives regarded cybersecurity as a significant concern for their companies.
Erdoes concluded her remarks by underscoring the critical importance of staying ahead of these evolving threats, stating, “It’s so hard, and it’s going to become increasingly harder. That’s why staying one step ahead of it is the job of every one of us.”
How AI is Used in Hacking?
Artificial Intelligence (AI) and Machine Learning (ML) are increasingly becoming tools of choice for cybercriminals, enabling them to execute sophisticated attacks with greater efficiency and stealth.
Here’s a detailed breakdown of how AI is leveraged by cybercriminals:
Automating Attacks: AI facilitates the automation of cyber-attacks, streamlining the process and allowing for the scalability of these attacks. By automating the execution of malicious activities, cybercriminals can launch a large number of attacks efficiently. The automated nature of these attacks also makes them more challenging to detect, as they can occur rapidly and on a broader scale.
Creating Convincing Phishing Messages: AI is employed to craft phishing emails that are highly convincing and appear legitimate. The technology is used to generate content that mimics authentic communication, such as emails from trusted entities. Additionally, AI can fabricate fake personas to enhance the credibility of phishing campaigns. This makes it more likely for individuals to fall victim to phishing attempts, as the messages seem trustworthy and authentic.
Developing Undetectable Malware: AI plays a role in creating malware that is specifically designed to avoid detection by traditional security controls. By leveraging AI algorithms, cybercriminals can develop sophisticated malware that can adapt and evolve to evade identification by antivirus programs and other security measures. This makes it more challenging for security systems to detect and prevent malicious software from compromising a system.
Cracking Passwords: AI enhances the efficiency of password-guessing attacks by employing advanced algorithms and machine learning techniques. Cybercriminals can use AI to analyze patterns in user behavior, common passwords, and other factors to optimize their attempts at guessing passwords. This increases the success rate of password-cracking attacks, allowing unauthorized access to accounts and systems.
Analyzing Data for Targeted Attacks: AI is utilized to analyze vast amounts of data to identify potential targets for cyber-attacks. By processing and interpreting large datasets, cybercriminals can tailor their attacks to exploit specific vulnerabilities in targeted systems or individuals. This targeted approach makes the attacks more precise, impactful, and likely to succeed.
Creating Deepfake Data: AI is employed to generate deepfake data, which refers to fabricated multimedia content that convincingly mimics real data. In the context of cybersecurity, deepfake technology can be used to create deceptive content, such as forged videos or audio recordings. This enables cybercriminals to deceive users or security systems by presenting manipulated content that appears genuine.
Building Better Malware: AI contributes to the development of more sophisticated and effective malware. By leveraging AI algorithms, cybercriminals can enhance the capabilities of malicious software, making it more resilient, adaptive, and capable of inflicting greater damage. This continual improvement in malware sophistication poses a significant challenge for cyber defenses.
Stealth Attacks: AI aids in launching stealth attacks that can go undetected for extended periods. Cybercriminals use AI to design attacks that operate covertly, minimizing their footprint and avoiding detection by traditional security measures. Stealth attacks aim to infiltrate systems, gather information, or carry out malicious activities without alerting security systems.
AI-supported Password-Guessing and CAPTCHA-cracking: AI enhances the efficiency of password-guessing attacks and the cracking of CAPTCHAs. Password-guessing attacks benefit from AI’s ability to analyze patterns and optimize guessing strategies. Additionally, AI is employed to automate the process of overcoming CAPTCHAs, which are security measures designed to distinguish between human users and automated bots.
Generative Adversarial Networks (GANs): GANs are utilized to generate new data that can deceive security systems. In the context of cybersecurity, GANs can be employed to create synthetic data that mimics legitimate information. This synthetic data can be used by cybercriminals to bypass security measures that rely on the analysis of data patterns, making it challenging for defenses to distinguish between genuine and fabricated information.
Human Impersonation on Social Networking Platforms: AI is employed to craft realistic profiles on social networking platforms, enabling cybercriminals to impersonate individuals convincingly for malicious purposes. By leveraging AI-generated content, such as realistic photos and persona details, cybercriminals can create deceptive profiles that appear genuine to other users. This tactic is often used for social engineering attacks and spreading misinformation.
While AI presents significant threats in the hands of cybercriminals, it’s essential to note that AI also serves as a powerful tool for defending against these very threats. The same capabilities that make AI effective for malicious activities can be harnessed by cybersecurity professionals to enhance threat detection, response, and overall cybersecurity measures.
What is Cyber Defense?
Cyber defense constitutes a network protection mechanism encompassing responses to actions, critical infrastructure protection, and information assurance for diverse entities, including organizations, government bodies, and other potential networks. Its primary focus lies in the prevention, detection, and timely response to cyber threats or attacks, ensuring the integrity of infrastructure and safeguarding sensitive information. Given the escalating volume and complexity of cyber attacks, cyber defense has become indispensable for entities seeking to fortify their security posture.
Cyber defense engages in the analysis of potential threats within that environment. Cyber defense entails capabilities for detecting and responding to attacks, conducting technical analyses to identify potential targets, and fortifying areas vulnerable to exploitation.
Moreover, cyber defense furnishes the necessary assurance to facilitate seamless processes and activities, alleviating concerns about potential threats. It contributes to optimizing the utilization of security strategies and resources, enhancing overall effectiveness. Moreover, cyber defense aids in refining the allocation of security resources and expenditures, particularly in critical areas.
How AI is Used in Cyber Defense?
In cyber defense, AI plays a pivotal role in fortifying digital security measures. AI technologies are adept at swiftly analyzing vast datasets, identifying patterns, and detecting anomalies that may signify potential cyber threats. Machine Learning algorithms empower AI systems to continuously evolve and adapt, enabling them to stay ahead of sophisticated cyber-attacks.
AI-driven threat detection mechanisms can swiftly identify and respond to unusual activities, providing a proactive defense against emerging threats. Additionally, AI assists in automating routine security tasks, allowing cybersecurity professionals to focus on strategic decision-making and addressing complex, high-priority issues. The utilization of AI in cyber defense not only enhances the efficiency of security operations but also contributes to the development of a dynamic and resilient defense infrastructure capable of mitigating evolving cyber risks.