The Rise of Generative AI is Transforming Threat Intelligence – 5 Trends to Watch

AI News


2023 was the year of generative artificial intelligence (GenAI). From the rise of ChatGPT to the many tools that followed, companies of all sizes are in the race to develop GenAI technology and applications. GenAI will continue to evolve in 2024, accelerating its use and having important implications on cybersecurity for both attackers and defenders.

Threat intelligence has been one of the first sectors to welcome and integrate the new GenAI technology. Threat intelligence is fundamentally about data and the ability to process, contextualize and enrich data points, with the end goal being to understand threats so that you can proactively mitigate them. GenAI is expected to be a great asset to this end. However, this adoption is still in its early stages and the convergence of GenAI applications with threat intelligence will be one of the most interesting things to come. Here are five key trends we expect to see in the threat intelligence space in 2024:

Data analysis

GenAI is data-driven, so it's no surprise that applying its capabilities to data analysis tasks is becoming a trend first: GenAI can reduce processes that take hours to minutes, freeing up analysts' time to respond to cyber threats in near real-time.

Ransomware data leak analysis is a good example. When a company’s third-party vendor is attacked and its data is leaked, it’s the job of a threat intelligence analyst to find out what company data was included in the third-party vendor leak. Analyzing 500GB of someone else’s data is no easy task, especially when the data contains many data points across various file formats (PDF reports, photos of receipts, huge Excel sheets, etc.), all stored in different folders with naming conventions that may only be understood by the creators themselves. Sifting through such a large amount of data is time-consuming and inefficient. GenAI technology, which can understand natural language and analyze data in various formats, is the perfect solution to perform such a task.

Contextualization

Imagine you are faced with the following threat assessment:

  • The CEO's name was mentioned in an inflammatory tweet
  • An ad for the sale of VPN access, written in Russian, was posted on an underground cybercrime forum.
  • Researchers have discovered new vulnerabilities in software tools used by the company.
  • Telegram exposes data leak containing former employee's email addresses and passwords

These are examples where threat analysts need to quickly filter through everyday data points to separate and prioritize real or imminent threats from more benign everyday events. GenAI solutions that can understand context while overcoming language barriers become the obvious choice to categorize and explain possible threats, allowing analysts to focus on critical threats that need urgent attention.

Reporting

Any intelligence analyst will tell you that having information alone is not enough. Once you have the information, the next step is to distribute it to the right people so they can take action.

However, this is not always as easy as it sounds. Surprisingly, the ability to understand cyber-related content and threats and the ability to explain these threats to non-technical people are not 100% aligned. Additionally, language can be a barrier when moving to using a remote workforce. Moreover, as the threat intelligence industry increasingly transitions from service-based to software-based solutions, automating high-quality, meaningful reports is proving to be less of a straightforward task than we thought. For these reasons, using GenAI capabilities in addition to “old-school” automation will become a broad, expanding and critical part of any threat intelligence solution.

Attack Detection

GenAI increases power for security teams as well as attackers. 2023 has seen several misuses of the technology, with WormGPT and FraudGPT being notable examples. Both are derived from OpenGPT and are intended to facilitate unethical and unrestricted GenAI applications, and both can be used for increasingly sophisticated hacking operations.

That being said, GenAI capabilities can also be used to detect these attacks. The flexibility of the GenAI tool allows you to analyze different aspects of an event to quickly understand if it is a threat. For example, looking at both the headers and content of an email and comparing it at the same time to past email conversations can detect fraud and Business Email Compromise (BEC) attacks. GenAI can also be deployed to analyze website code, content, appearance, and Whois details to determine in near real-time if a website is a phishing site.

Content Creation

One of the little-known secrets in the threat intelligence field is that human interaction skills are sometimes just as important as technical analytical skills. The ability to understand the different stages of an attack, analyze malware, and understand network traffic are important in their own right.

But no threat intelligence program is complete without access to data from its sources – adversaries. To do so, human intervention is required. Underground hacking forums, Telegram groups, and Discord channels have proven useful time and time again for interacting with threat actors. This data is usually shared for free, but most require human intervention to extract. The level of human intervention required varies by source, from answering questions to visiting forums or even continuing conversations with adversaries for days. Many, if not all, of these tasks can be performed by GenAI technology. At the very least, GenAI can ease some of the burden on researchers.

Expect GenAI to continue to be a hot topic across threat intelligence applications, as threats become increasingly sophisticated (often bolstered by GenAI itself) and GenAI will play an even bigger role in combating them.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *