
The Role of Artificial Intelligence in Cybersecurity


Distributed denial of service attack levels are such that cybersecurity professionals must explore new methods of defence in order to stay secure

The cybersphere is in a precarious place. The digital frontier is expanding as more companies push for digital transformation, but as the infrastructure grows, so does the attack surface.

Cyber attacks are on the rise: according to Mimecast’s Email and Collaboration Security report, cybercrime is forecast to surge by 15% throughout 2024, going from a global total of US$8tn in 2023 to a projected US$10.5tn by the end of 2025.

Cybercriminals are constantly developing new techniques and leveraging emerging technologies to exploit vulnerabilities and disrupt critical systems. Yet among the surge in attacks, such as ransomware or business email compromise, one form of attack has seen a somewhat surprising exponential surge: DDoS.

DDoS Dynamics

A new wave of Distributed Denial of Service (DDoS) attacks has introduced a significant variable into the cybersecurity equation. Yet as we delve into the current state of DDoS attacks, it becomes clear that this resurgence is not merely a rehashing of old tactics.

“DDoS attacks are becoming increasingly sophisticated as adversaries evolve their attack patterns, botnets, and other technologies,” says Ivan Shefrin, Executive Director of Managed Security Services at Comcast Business.

This represents a paradigm shift in the way cybercriminals approach their malicious activities, forcing security professionals to reassess their defensive strategies and adapt to a new threat landscape.

Ivan Shefrin, Executive Director of Managed Security Services at Comcast Business

DDoS tied into geopolitical instability

Although no single cause can be attributed to the surge in DDoS attacks, the ongoing geopolitical instability in the Middle East and Eastern Europe is a notable contributor, with both regions experiencing a high frequency of attacks.

“They [DDoS] are generally aligned with geo-political instability and social tension, targeting political parties, state aligned businesses and critical infrastructure alongside such means as dis/misinformation, data exfiltration and ransomware.”

This is because a DDoS attack, unlike ransomware, does not necessarily have a financial incentive. The attack is a malicious attempt to disrupt the normal functioning of a targeted system, service, or network by overwhelming it with a flood of internet traffic from multiple sources, with the primary goal being to render the target’s services unavailable to legitimate users.

Unlike traditional Denial of Service (DoS) attacks, which originate from a single source, DDoS attacks harness the power of numerous compromised devices, often referred to as a botnet, to generate a massive volume of traffic.

Yet the jump from DoS to DDoS has not marked the end of this form of attack’s evolution.

“The nature of DDoS attacks has seen further focus away from primarily volumetric and protocol-based attacks towards other methods, each of which presents unique challenges,” explains Michael Skelton, VP of Operations, Bugcrowd.

Attackers are increasingly being observed taking application-based approaches to denial of service, often exploiting business process or logic flaws to deny service to users.

Equally, automation means DDoS attacks can be generated and launched with ease, increasing the scale at which they can be mounted.

Combined with AI’s ability to mimic legitimate traffic patterns, DDoS continues to pose significant challenges for security teams, making it more difficult for them to prepare and respond.

With the introduction of new technologies like the Internet of Things (IoT), the vectors used to deliver these attacks are also changing.

“The explosion in the use of IoT devices and the ability to reflect and amplify attacks across these massive botnets has resulted in a constantly evolving and potent threat to most businesses,” says David Harvey, Cyber Response Director at KPMG UK. “In addition, attackers have evolved from targeting a single device, such as a website, to a range of addresses, thereby expanding the impact of such an attack.”

The versatility of botnets has also enabled attackers to repurpose them across different, even multi-vector, attacks, creating a black market where they are essentially treated as a fungible asset for organised crime.

This growing sophistication, combined with the surge in volume, means that organisations are increasingly hard pressed to keep their systems online.

Michael Skelton, VP of Operations at Bugcrowd

Defending against DDoS

Yet despite the growth in the sophistication of attacks, experts have been learning from threat intelligence to come up with strategies to mitigate attacks.

“This evolution means that organisations must be prepared for targeted, subtle attacks that are not solely focused on overwhelming bandwidth but rather on disrupting critical operations in more nuanced ways,” says Michael.

This includes implementing DDoS mitigation services that can detect and respond to attacks in real-time, utilising scrubbing centres to filter out malicious traffic, and employing circuit diversity, load balancers, failover systems, and geographically distributed data centres to minimise the impact of potential attacks.

Organisations should also prioritise robust backup and recovery solutions, regularly backing up data and ensuring these backups are secure and easily accessible for recovering from data destruction or encryption incidents. Implementing advanced threat detection and response tools can help identify and address botnet activities and other malicious behaviours in real-time.

Equally, just as AI has helped automate and increase the volume and intensity of attacks, it is increasingly being used in defence.

“AI is being used on both sides of the equation,” explains Michael. “Threat actors are employing AI to automate reconnaissance and adapt attack strategies in real-time, making their campaigns more effective, and defenders are using it alongside machine learning to analyse network traffic patterns and detect anomalies that could indicate a DDoS attack.”
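The mitigation services described above need a concrete notion of “anomaly” before they can detect or respond to anything. As an added illustration that is not part of the original article, and not a product of Comcast Business, Bugcrowd or KPMG, the script below learns a per-window request-rate baseline from constructed web-server log lines and flags later windows that exceed it. Each alert also records how many distinct sources contributed (the DoS versus DDoS distinction drawn earlier) and whether the traffic concentrated on a single endpoint, which is the signature of the application-layer attacks Michael Skelton describes. The log format, the window size and the thresholds are assumptions chosen for the example.

```python
"""Baseline-and-deviation detection of request-rate anomalies.

Illustrative example: log lines are parsed into fixed-width time windows,
a baseline is learned from the first few windows, and later windows whose
request count exceeds the baseline are reported with a summary of who sent
the traffic and where it went. The log lines are constructed for this demo.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

WINDOW_SECONDS = 10             # assumed bucket width
BASELINE_WINDOWS = 6            # windows used to learn normal behaviour
Z_THRESHOLD = 3.0               # alert when count > mean + Z * stdev
MIN_SOURCES_FOR_DISTRIBUTED = 5 # fewer distinct sources => single-source DoS


def parse_line(line):
    """Assumed format: '<ISO timestamp> <source IP> <request path>'."""
    ts, src, path = line.split()
    return datetime.fromisoformat(ts), src, path


def bucket(lines):
    """Group log lines into contiguous windows, indexed from the first event."""
    parsed = [parse_line(line) for line in lines]
    t0 = min(ts for ts, _, _ in parsed)
    windows = defaultdict(list)
    for ts, src, path in parsed:
        idx = int((ts - t0).total_seconds() // WINDOW_SECONDS)
        windows[idx].append((src, path))
    return [windows[i] for i in range(max(windows) + 1)]


def detect(lines):
    """Learn a baseline from the first windows, then flag windows that exceed it."""
    windows = bucket(lines)
    base = [len(w) for w in windows[:BASELINE_WINDOWS]]
    mu, sigma = mean(base), pstdev(base)
    # Floor at 2x the baseline mean so a near-constant baseline (sigma ~ 0)
    # does not turn every small fluctuation into an alert.
    threshold = max(mu + Z_THRESHOLD * sigma, 2 * mu)
    alerts = []
    for idx in range(BASELINE_WINDOWS, len(windows)):
        events = windows[idx]
        if len(events) <= threshold:
            continue
        sources = Counter(src for src, _ in events)
        paths = Counter(path for _, path in events)
        top_path, top_count = paths.most_common(1)[0]
        alerts.append({
            "window": idx,
            "requests": len(events),
            "threshold": threshold,
            "distinct_sources": len(sources),
            "pattern": ("distributed" if len(sources) >= MIN_SOURCES_FOR_DISTRIBUTED
                        else "single-source"),
            "top_path": top_path,
            # >= 80% of the burst on one path suggests an application-layer target
            "concentrated_on_endpoint": top_count / len(events) >= 0.8,
        })
    return alerts


def constructed_log():
    """Constructed sample: ~5 requests per window from three clients, then a
    burst of 40 requests from 40 distinct sources all hitting /search."""
    base = datetime(2024, 5, 1, 12, 0, 0)
    lines = []
    normal_counts = [4, 5, 6, 5, 4, 6, 0, 5]   # per-window background traffic
    for w, n in enumerate(normal_counts):
        for i in range(n):
            ts = base + timedelta(seconds=w * WINDOW_SECONDS + i)
            lines.append(f"{ts.isoformat()} 10.0.0.{i % 3 + 1} /home")
    for i in range(40):                        # the burst lands in window 6
        ts = base + timedelta(seconds=6 * WINDOW_SECONDS + (i % 10))
        lines.append(f"{ts.isoformat()} 192.0.2.{i + 1} /search")
    return lines


if __name__ == "__main__":
    for alert in detect(constructed_log()):
        print(alert)
```

On the constructed input the six baseline windows hold 4, 5, 6, 5, 4 and 6 requests, so the learned threshold is 10 and only the 40-request window is reported, classified as distributed and concentrated on one endpoint. In production the baseline would be learned per endpoint and refreshed continuously, and a flagged window would feed a mitigation action (rate limiting, diversion to a scrubbing centre) rather than just a printed alert.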

As AI models and their usage rapidly evolve, continuous change in how AI is used, both offensively and defensively, is expected. AI enables the scaling of activities for both defence and offence, adding potential for new tactics and mitigation solutions.

Yet AI isn’t a panacea. It must be balanced with other cybersecurity solutions to manage the complexities of an attack.

“It’s important to partner with DDoS mitigation providers who can provide expertise from their Security Operations teams to partner in defending against attacks. Fully automated systems can’t always adjust to the latest threat vectors,” says Ivan.

David Harvey, Cyber Response Director at KPMG UK.

Future threats of DDoS

Looking ahead, the DDoS threat landscape is expected to continue evolving. The advent of 5G technology promises faster internet, high bandwidth, and massive IoT device connectivity, presenting attackers with an exponentially larger attack surface to exploit and launch attacks.

This could lead to DDoS attacks being carried out at breakneck speed, with enhanced bandwidth enabling attackers to produce larger amounts of traffic that potentially overpower conventional security measures. To prepare for this future, organisations need to consider how they can be forewarned through threat intelligence and exploit AI to help with prediction and detection.

“DDoS attacks are likely to continue their growth in scale and complexity as they evolve to counter DDoS protection providers,” explains David. “Organisations need to consider how they can be forewarned through threat intelligence and exploiting AI to help with prediction and detection.”

Additionally, the use of decentralised mitigation techniques and scrubbing centres to absorb malicious traffic before it reaches the target is an area of development that may prove critical with the new connectivity capabilities being ushered in.

As DDoS attacks continue to evolve and pose significant threats to organisations across various sectors, businesses must leverage advanced technologies and strategies to keep up with the increasing sophistication. Staying ahead of evolving threats will be crucial for maintaining operational integrity and safeguarding critical infrastructure in an increasingly hostile cyber environment.