It’s estimated that a new cyber attack starts every 40 seconds. But for all the speed and sophistication threat actors have developed over the last few years, there is still much to be optimistic about on the defense side. For the first time ever, we have all the pieces we need to predict cyber events. After all, the indicators have always been there. They’re just hiding in plain sight. The application of artificial intelligence (AI) and machine learning (ML) gives cyber defenders like LookingGlass the ability to cut through the vast universe of data to find the intelligence that really matters.
This piece explores LookingGlass’s unique approach for uncovering cyber attack patterns and predicting episodes through the monitoring of external networks, establishing of internal sensors, and application of AI and ML.
Cyber Attack Prediction Requires an Outside-in View
For over a decade, LookingGlass has been working with customers in the public and private sectors to gain comprehensive views of their attack surfaces and understand threat actors’ tactics, techniques, and procedures (TTPs). We monitor our customers’ networks, networks of their third-party vendors and suppliers, the broader internet, and the social media sphere. This information gives us an external view of the organization, or what enterprises look like to the outside world. This visibility helps us see what a threat actor sees when trying to exploit an entity’s vulnerabilities. We call it the “outside-in” approach.
The much-publicized Colonial Pipeline breach is one example that really illuminates the outside-in approach and highlights how our scoutTHREAT™ threat actor tracking solution uncovered an impending issue.
We had been tracking DarkSide, the group that created the ransomware at the heart of the attack, since early 2020, including their targets and victims. When they started making updates to their malware platform, the blips on the radar screens of scoutTHREAT lit up. This flurry of activity was an early warning indicator, one that was easy to see in the massive data sets that drive our products. So, we scanned the broader internet, online forums, and social media platforms for more context. We saw that DarkSide was posting job openings, hiring for penetration testers, and more. Not only did we see the group becoming more active, we also saw that they were hiring the types of people needed to execute a significant attack.
Knowing that this threat actor group was highly active, we used scoutTHREAT to comb through thousands of pages of historic data and uncovered that the group was interested in attacking companies in the energy sector. Our product, and the data science we’ve applied to its analysis of outside networks, gave us the confidence to know that a specific threat was imminent and to alert our customers with a threat actor profile, or dossier, that included preferred TTPs and previous victims.
How Artificial Intelligence and Machine Learning Can Help Predict Cyber Attacks
LookingGlass Chief Cyber & Technology Officer, Norm Laudermilch, likes to use an astronomy analogy when explaining how AI can be applied to cybersecurity: “If an astronomer told you that a star is 4.5 light years away, most people couldn’t comprehend the magnitude of that number. We have no concept of distances that vast,” he said. “The same thing is true with cyber data. Trillions and trillions of events happen on the internet every day. They’re all recorded, they’re all available, but nobody understands how vast that data is. We need machines to help us make sense of it,” Norm added to underscore the need for data science to refine cyber defense strategies.
That’s where machine learning comes in. Summarizing extremely large datasets is one of its key benefits. Our algorithms can read hundreds of thousands of pages written in human languages and then produce a highly accurate summary for humans to digest. This allows analysts using our tools to quickly consume massive amounts of internet activity, reports on a threat actor, or threads on social media and see what it all means. Without data science, comprehending this magnitude of data would take humans months or years – far too slow for the rapidly changing cyber threat landscape. But it isn’t just in this summarization where the real value lies. Machine learning’s most game-changing benefit is in artificial intelligence and prediction—no humans necessary.
Artificial intelligence has the ability to make connections and correlations with data that seems distinct in ways that humans could never conceive. Say we’re looking at a piece of data about a certain kind of vulnerability. Then, there’s another piece of data about a threat actor and how they attack systems. The threat actor data might not mention the vulnerability at all.
But if a machine reads 100,000 pages of data, which it can do very quickly, it could learn that this threat actor prefers macOS vulnerabilities and make an event prediction using those two previously distinct and unrelated datasets. That is something a human analyst might never be able to piece together, because they are constrained by the limits of time, energy, and capacity. Artificial intelligence predicts at machine speed.
The Future of Predicting Cyber Attacks
But does building out predictive AI defense systems ensure resiliency against attacks? Only time will tell. The only way we can have confidence in the technology is through rigorous testing, measuring, and improving. We’re going to need to test these systems against billions of attacks to make sure the algorithms are not brittle, and can fail gracefully.
It’s also not an all-or-nothing situation where defenses are either all machine learning or all rules based. There is a role to play for rules-based systems. AI can operate within a framework and that framework has hard boundaries designed, tested, and evaluated by humans.
In some ways, the future is now. We are at a pivotal point in the world of cybersecurity. We are innovating at the intersection of man and machine—moving human talent away from their tactical role to that of an AI overlord charged with managing millions of brilliant and adaptive cyber warriors that happen to also be machines.
We’re not suggesting that we simply release AI-predictive cyber technologies into the world and see what happens. LookingGlass has spent years laying the foundation for these technologies and the principles that govern them. Our success will be in the testing, iteration, and continued partnership of customers in the public and private sectors.