Artificial Intelligence as a threat: How can you protect your IT systems against AI attacks?

For years, a global “cyberwar” has been raging, with more and more organizations falling victim to attacks. Fear is growing – not least because of the increasing use of AI-powered attacks. But even these new risks can be mitigated with proven security measures.

Artificial Intelligence vs. inadequate basic protection

AI here, AI there. If you follow the news, attend trade shows, or participate in seminars and webinars, you’re constantly hearing the buzzword “AI” or “Artificial Intelligence.”

On the one hand, the benefits of this new technology are being touted. A new IT security tool without the “powered by AI” label? Unthinkable! On the other hand, warnings about AI attacks are being shouted from the rooftops. After all, “cybercriminals” are increasingly using smart algorithms to attack even faster and more efficiently.

So what now? Panic? Bury your head in the sand?

No! “Contrary to the media hype, it should be noted that AI is not currently generating any new, unique Tactics, Techniques & Procedures,” explains the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI). “Although the barriers to entry for malware programming using AI are almost certainly lowering, advanced malware will still require a high level of understanding of the targeted operating system and the malicious code itself, even in the long term.”

BSI on the topic of AI threats (Screenshot: bsi.bund.de)

Are there now “exotic” AI attacks?

With ChatGPT, Perplexity, Gemini, and others, it’s extremely easy to craft error-free and credible-sounding phishing emails. AI bots can also detect security vulnerabilities in systems on their own, and faster than ever before.

An example: Claude Mythos, a powerful AI model from Anthropic, was already able to detect “thousands of zero-day vulnerabilities” in popular operating systems and applications. This put cybersecurity authorities, as well as the financial sector, on high alert.

However, despite the AI boom, there are not yet masses of new, extremely insidious attack methods. That is good news, but it does not ease the situation in any way.

What do typical AI attacks look like?

Hackers continue to try to break into systems using traditional methods. However, thanks to AI support, they are now able to achieve their goals more efficiently.

They succeed because, “in the BSI’s experience, many companies lack sufficient knowledge of both the general cyber threat landscape and their own risk profile.” This is stated on page 69 of the report “The State of IT Security in Germany 2024.” In our assessment, this remains the case today.

The BSI situation report went on to state: “Even basic preventive measures – many of which can be implemented at no cost – are therefore often not taken.” This means that attackers continue to have an easy time of it, as companies do not invest enough time, energy, and budget in IT security. They are easy prey, with or without Artificial Intelligence.

On top of that, software vendors are no longer able to patch existing security vulnerabilities in a timely manner. CERT-EU notes: “The mean time to exploit newly disclosed vulnerabilities has dropped to an estimated negative seven days.”

Conclusion: Attackers are already exploiting vulnerabilities many days before an official patch becomes available. As a result, many patches arrive too late, but they are, of course, still worthwhile.

What happens next?

The traditional process of “vulnerability is discovered → vendor develops a patch → patch is released → users install the update” has been permanently disrupted. AI tools make it possible to find and exploit vulnerabilities at breakneck speed.

IT security experts believe that this “stress test” will continue to intensify until security gaps can be closed faster than AI can uncover them. Until then, according to the paper “AI-Based Vulnerability Detection and Exploitation” by the Austrian National Bank (OeNB), patching processes could become overwhelmed. “This process could take years, as all existing software must be revised,” the publication states.

So the cat-and-mouse game between attackers and defenders has picked up steam again – thanks to the AI boom. Right now, it looks like the attackers have the upper hand.

Are the defenders – that is, the IT departments in companies, banks, government agencies, and other organizations – now helpless? No!

What can be done to combat AI attacks?

Whether systems are attacked using traditional methods or with the help of AI, the best protection is always defense. This does not primarily refer to an active response, but rather to preventive action.

CERT-EU urges: “Reduce your attack surface” in its publication “AI is changing the economics of vulnerability discovery.” This point even ranks first among the recommended measures.

To put it another way: If you’re a homeowner who wants to prevent burglars from breaking in, you must first close all doors and windows. This can prevent the majority of break-ins or at least significantly delay them.

In IT, this means that operating systems and individual applications must be configured to present as few vulnerabilities as possible. This approach is known as Secure Configuration or System Hardening.

Legislators have recognized that this makes sense. As a result, an increasing number of laws, standards, and regulations – such as NIS2, ISO 27001, and DORA – require professional hardening of all systems.

Why is System Hardening so effective?

This measure aims to make individual applications, operating systems, and entire IT environments more resilient and therefore more secure.

A key component is disabling insecure settings and uninstalling unnecessary programs. After all, anything considered unnecessary and/or insecure can serve as a target – for example, for ransomware threats.

With professional System Hardening, many cyberattacks come to nothing, or the malware can unleash its destructive power only very slowly, if at all.

Proven protection, even against “smart” malware

One threat that could increase in the coming years is attacks using polymorphic malware, that is, malware capable of independently altering its own code. These changes occur without affecting the malware’s core functionality, making detection – for example, by traditional antivirus programs and EDR systems – more difficult.

The creation of polymorphic malware is simplified by the use of Artificial Intelligence. AI systems can analyze patterns in detection software and then generate algorithms that adapt their malware source code base accordingly. As a result, these “malicious programs” typically remain undetected for a long time.

This means attackers have more time to cause damage, for example through data theft, espionage, or extortion. The risk that attacks detected too late will have far-reaching and costly consequences for a compromised organization increases by the minute.

What can be done to combat polymorphic malware? There are various solutions. As is often the case, one of them is System Hardening. This is because “intelligent” malware can only cause damage if it encounters unprotected areas, functions, and applications.

However, if target systems are configured in such a way that there are significantly fewer vulnerabilities and security gaps, even polymorphic malware loses its threat.

How do you implement professional System Hardening?

Performing System Hardening in accordance with legal and regulatory requirements is a complex process. For each system, you must review and adjust hundreds of settings.

But that’s not all: Every step of the hardening process and every change, no matter how small, must be thoroughly documented and continuously monitored. This is required by NIS2, DORA, ISO 27001, auditors, and cyber insurance providers, among others.
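The review-and-document loop described above, as an added example (not from the original article and not the code of any product it names): it checks the global section of an OpenSSH `sshd_config` against an assumed baseline and returns an audit record that can be stored and compared on every run. The choice of OpenSSH, the baseline values, the host name and the sample file are assumptions made for illustration.

```python
import hashlib
import json

# Assumed baseline for illustration: real sshd_config keywords, hardened values.
BASELINE = {
    "permitrootlogin": "no",
    "passwordauthentication": "no",
    "x11forwarding": "no",
    "permitemptypasswords": "no",
}
# OpenSSH built-in defaults, which apply when a keyword is absent from the file.
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "x11forwarding": "no",
    "permitemptypasswords": "no",
}
# Constructed sample input, not taken from a real host.
SAMPLE_CONFIG = """\
# sshd_config (constructed sample)
PermitRootLogin yes
X11Forwarding yes
permitrootlogin no
Match User backup
    PasswordAuthentication no
"""

def parse_global_settings(text):
    """Return global settings; sshd keeps the FIRST value seen for a keyword."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()          # keywords are case-insensitive
        if key == "match":              # conditional blocks are not global
            break
        if len(parts) == 2:
            settings.setdefault(key, parts[1].strip())
    return settings

def audit(text, host):
    """Compare effective settings with the baseline and build an audit record."""
    effective = {**DEFAULTS, **parse_global_settings(text)}
    findings = [{"setting": k, "expected": v, "actual": effective.get(k)}
                for k, v in sorted(BASELINE.items()) if effective.get(k) != v]
    digest = hashlib.sha256(text.encode()).hexdigest()  # evidence of what was checked
    return {"host": host, "config_sha256": digest,
            "compliant": not findings, "findings": findings}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_CONFIG, "host-a.example"), indent=2))
```

Storing each record with a timestamp gives the documented trail, and a change in `config_sha256` between runs signals that the file was modified and needs re-review.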

Under these conditions, how can you implement hardening in a way that promptly and comprehensively reduces the attack surface for AI attacks? Use a solution like Enforce Administrator, which allows you to automate and significantly accelerate many hardening tasks.


Final Conclusion

Start by focusing on the basics of IT security before investing time, money, and energy in new “exotic” solutions. For example, try to meet the increasingly stringent requirements by implementing professional and sustainable System Hardening, among other measures.

In addition, when it comes to Artificial Intelligence, you should prioritize other measures on your agenda: Prevent shadow AI and adhere to regulations like the EU AI Act. Among other things, provide AI training and restrict the use of ChatGPT, Copilot, and similar applications. Otherwise, new vulnerabilities will arise that attackers can exploit.

Do you have any questions?

Would you like to learn more about System Hardening? Would you like to know how to set up automated System Hardening and implement it in your organization? Or would you like to see our hardening solutions in action?

Contact us or schedule an appointment right away – our experts are here to help!


Images: Freepik, BSI, FB Pro, CERT-EU
