2017 is over and 2018 is already buzzing with thoughts about what role AI based cyber attacks will play in an evolving landscape. To be clear, artificial intelligence does not have to be either particularly clever, nor does it have to be significantly adept, to become a nuisance. A system that can do 20 scans per hour and only bother executing an exploit under even the most exacting specifications could be set and forgotten on a server, waiting for the unsuspecting visitor. If such a system targeted either a given IP range, a specific OS, or even a set of ssh keys that hadn't been changed from their defaults, such a system could prove devastating with very little functional intelligence.
What AI Attacks Will Look Like
Primarily there will be something like what I have just described, but in more severe cases it will escalate towards query based ddos attacks run by unmanned nodes. It could potentially be: identity theft, economically disruptive payment sniffing, packet spoofing, and other connection based attacks that could act as precursors to human actors. A good example might be a program that scans targeted user data and tries dictionary attacks based on a users writing styles.
Much more similar to a software running on a computer that isn't triggered without specific conditional requests, the idea of scripted attacking botnets may be the less difficult to implement alternative to AI based cyber attacks. A preset series of exploitative attacks configured into a list meant to be fired and forgotten.The idea with a scripted botnet is to fire a variety of attacks and have a strategy for whatever works. These systems won't be quite as successful as the AI counterparts, but for crippling infrastructure might be even more devastating in spite of the requirement for human targeting...
Which Is More Dangerous?
While to individuals an AI cyber attack will be fundamentally worse, for the world's economy the scripted botnet will be the bigger problem. AI systems will obey certain patterns and be largely apparent in scope, making resolution easier by profiling the attack vectors. A Hybridization will be inevitable, but may in fact reduce the overall scope of systematic destruction done by scripted botnets, making them more attractive to military and government purposes.
Privacy And Security
While many might argue that identity theft is a concern for people with considerable assets, an actual assessment of how identity theft works reveals that regardless of income level most identities stolen are used to make money through credit card fraud and other similar means. Additionally the protections offered by consumer protection firms will be under greater pressure to not only resolve but prevent further damages to both new and existing clients. The actions taken by the public at large will likely include more factors of authentication, and other safeguards, but as AI improves these systems will become largely obsolete.
What Companies Can Do Now To Prevent Unwanted Risks
Have your IT department on a policy of constant improvement and resourcing both threats and mitigation. Learn about the API associated with your payment systems and how to detect fuzzing and active sniffing on sensitive machines. If your company doesn't have regularly scheduled penetration tests arrange them within your budget and specify the concerns related to the emerging threats like ransomware, botnets, and payment system spoofing rather than settling for Nessus scan results.
(*Nessus is awesome but do some research)