Imagine you’ve got a meeting with a client, and shortly before you leave, they send you over a confirmation and a map with directions to where you’re planning to meet.
It all looks normal — but the entire message was actually written by a piece of smart malware mimicking the client’s email mannerisms, with a virus attached to the map.
It sounds pretty far out — and it is, for now. But that’s the direction that Dave Palmer, director of technology at cybersecurity firm Darktrace, thinks the arms race between hackers and security firms is heading.
As artificial intelligence becomes more and more sophisticated, Palmer told Business Insider in an interview at the FT Cybersecurity Summit in London in September, it will inevitably find its way into malware — with potentially disastrous results for the businesses and individuals that hackers target.
It’s important to remember that Palmer is in the security business: It’s his job to hype up the threats out there (present and future), and convince customers that Darktrace is the only one that can save them. It’s a $500 million (£401 million) British firm, with an AI-driven approach to defend networks. It creates an “immune system” for customers that learns how businesses operate then monitors for potential irregularities.
But with that in mind, Palmer provides an fascinating insight into how one of the buzziest young companies in the industry thinks cybersecurity is going to evolve.
Ransomware is endemic right now. It’s a type of malware that encrypts everything on the victim’s computer or network, then demands a bitcoin ransom to decrypt it. If they don’t pay up in a set timeframe, the data is lost for good.
AI-infused ransomware could turbo-charge the risks these attacks make — self-organising to inflict maximum damage, and going after new, even more lucrative targets.
“[We’ll] see coordinated action. So imagine ransomware waiting until it’s spread across a number of areas of the network before it suddenly takes action,” Palmer said.
“I’m convinced we’ll see the extortion of assets as well as data. So factory equipment, MRI scanners in hospitals, retail equipment — stuff that you’d pay to have back online because you can’t actually function as a business without it. Data’s one thing and you can back that up, but if your machine stops working then you’re not going to be making any more money.”
Using recurring neural networks, it’s already possible to teach AI software to mimic writing styles — whether that’s clickbait viral news articles or editorial columns from The Guardian. Palmer suggests that in the future, malware will be able to look through your correspondence, learn how you communicate, and then mimic you in order to infect other targets.