Prevention better than cure in battling AI-driven ransomware

Johannesburg, 11 Sep 2023
Irina Artioli, Cyber Protection Evangelist at Acronis.
Irina Artioli, Cyber Protection Evangelist at Acronis.

A proactive, multi-layered approach is crucial for preventing cyber attacks, particularly as cyber criminals harness AI and automation to launch more sophisticated attacks.

This is according to Irina Artioli, Cyber Protection Evangelist at Acronis, who was speaking during a webinar on Preparing for Intelligent Adversaries, hosted by Acronis in partnership with ITWeb.

Artioli said 270 000 new malware samples were reported per day in 2023. “It’s like an avalanche. If your infrastructure isn’t resilient enough, this malware can bring it down,” she said. “In South Africa, only 14 ransomware cases are known from January to August this year, but it should be noted that these are only the known attacks – many organisations do not report these attacks.”

Cyber criminals don’t discriminate, they target businesses of any size in any vertical, in any country. Their target is data, for their financial gain, she said. “They are creative, advanced and using more and more tools to move forward. Even a child with the proper tools could commit cyber crime.”

A poll of webinar attendees found that over 61% knew someone who had been a victim of a ransomware attack, and 7% knew of someone who had.

Artioli added that the average lifetime of new malware is only 1.7 days, with automation and AI being harnessed to enable it to scale and change rapidly, making it harder to identify and stop threats using traditional methods.

“Cyber criminals are using AI generated photos to fool people, and at least 32% of users don’t recognise AI bots,” she said. Criminals also generate very convincing deep fake voice and video content, she noted. “If just 10 seconds of your voice is on the internet, criminals can use it to generate a deepfake.”

Deploy AI and automation

Emphasising that prevention is better than cure, Artioli said organisations should attend to basic security hygiene using industry best practices, and have an advanced solution that uses ML and AI against cyber criminals.

She said attack detection is 39% faster when AI is deployed, making AI and automation important in the security arsenal. However, she added: “AI and automation should go hand in hand with humans, because AI can also make mistakes. But it’s very useful in helping humans to work faster and more efficiently, and to filter noise.”

Artioli highlighted Acronis Cyber Protect, which uses AI and automation to support patching and exploit prevention, backup and disaster recovery, RMM and cyber scripting, URL filtering and e-mail security, behaviour detection and anti-ransomware, machine intelligence and self-protection – which protects the agent itself against attack.

She also noted that ENISA Europe recommends having a good and verified backup of all business-critical files and personal data, and keeping it updated and isolated from the network. It also advises applying the 3-2-1 backup rule, keeping personal data encrypted in line with GDPR provisions, running security software in endpoint devices that can detect most ransomware, applying best practices such as network segmentation and up-to-date patches, maintaining security awareness, conducting regular risk assessments and restricting administrative privileges.