IoT insecurity is opening the door for deadly-accurate AI-powered swarmbot attacks

Cybercriminals’ increasing use of artificial intelligence (AI) will create autonomous, self-changing botnets that will be able to tweak and re-deploy attacks in seconds, a security strategist has warned.

Traditional cybercrime has been “non-intelligent”, Fortinet global security strategist Derek Manky told CSO Australia, in that a single attack is designed by humans and deployed en masse after testing.

But with businesses rapidly adopting Internet of Things (IoT) devices and Mirai-derived botnet attacks working together to dynamically adapt attacks on those devices faster than ever, Manky warned, that threat was already giving way to a far more rapidly-changing alternative.

Peer-to-peer IoT botnets were creating ‘swarmbots’ that “are completely decentralised, meaning that they can infect other devices by passing commands to notify other members of the swarm to launch against the target,” he explained.

AI had been recognised as an essential tool in spotting attacks – but it is even more concerning for its potential to assist cybercriminals in improving the effectiveness of their bot attacks.

Maliciously-deployed AI, which continually analyses the effectiveness of each attack and recommends configuration changes, will pummel IoT devices with a relentless and constantly-changing onslaught that comes far faster than humans can keep up.

“Attacks are carried out at a much greater speed,” Manky said. “They’re not waiting for a command from a slow human, but they can carry out attacks on their own.”

AutoSploit, a Python script that automates the operation of the flexible Metasploit attack engine using IoT devices discovered via the Shodan IoT search engine, emerged last year as a clear example of the dangerous power of such automated and adaptive scripting.

“Most of these attacks will be IoT driven because IoT is the largest attack surface,” he explained, echoing recent research that found only half of companies are confident they could even detect a breach of their IoT devices.

“Attackers can get easier access into networks because there are so many IoT devices out there, and basic security practices that should have been solved years ago still aren’t being done.”

All of this, Manky said, was paving the road towards regular and rapid compromise.

“Typical cybercrime breaches can take a matter of days to successfully launch attacks,” Manky said, “but where we are moving with automation, AI, and swarm attacks is rapidly going to decrease the time to breach. I think we’re going to get into seconds if not microseconds latency.”

Don’t try to keep up

The prevalence of new and varied attack types was spawning new attacks in such volumes that security teams shouldn’t even be thinking about trying to bolster their defences by hiring large numbers of security specialists: “that’s a losing battle,” Manky said.

Rather, the key to fighting off swarmbot attacks would lie in applying a similarly designed strategy for corporate network defences. By designing various sensors, endpoint protection, firewall and other components to share information about changing threats, network environments can use similar levels of automation to fight back against attackers.

Embracing DevOps principles would also allow this automation to drive real and timely changes to network and application defences. Deception techniques provided additional value, creating slightly modified copies of networked content designed to litter target environments with digital clutter that makes it harder for cybercriminals to spot information that is both valuable and accurate.

“From a strategic perspective,” Manky explained, “the whole game is about trying to make cybercrime more expensive for attackers. The more you can be a pain to them – and make it difficult for them to tell what is real and what is not real – you can force them to go back to the drawing board.”