Continuous Threat Exposure Management: The Hacker’s Perspective
The automated hacker: An introduction to AI-powered offensive cybersecurity
This is the first post in my new series, "Continuous Threat Exposure Management: The Hacker’s Perspective." The series sets out to show how artificial intelligence (AI) is changing offensive cybersecurity, viewed through the lens of a hacker. We will cover the mechanics of automated security monitoring, the integration of Attack Surface Management (ASM) with automated security testing, and how real-life threat scenarios can translate vulnerabilities into actionable risk insights. This first post looks at the front lines of AI-powered offensive cybersecurity and at how AI powers Hadrian’s automated capabilities.
Historical malicious usage of AI
The era of AI-driven malicious cyberattacks has dawned, but it is important to separate fact from fiction. AI has been used in cyberattacks, primarily in sophisticated phishing campaigns: attackers have used it to craft convincing fake emails, messages, and websites that trick unsuspecting victims into handing over sensitive data.
When it comes to more technical attacks, however, AI has not seen the same level of adoption. A common misconception is that AI is the core driver behind most of today's cyberattacks. In reality, AI's involvement in cyberattacks is still far less pervasive than many fear, at least not yet. Discussing the impact of ChatGPT on cybercrime, Mikhail of our HackOps team explains:
“It is just another tool in a cyber criminal’s arsenal, similar to the early days of search engines. While there is buzz around its novelty, I don’t think OpenAI has revolutionized cybercrime, but it has made it a fraction easier.”
Mikhail, HackOps
The vast majority of attacks today are not AI-driven but are automated through more conventional means. These attacks typically exploit known vulnerabilities and operate at massive scale, indiscriminately targeting systems across the internet. Because of this widespread automation, the chance that any one exploit attempt succeeds against a given system may be low, but the likelihood that a system is targeted at all has increased significantly.
The role of AI in scaling Hadrian's automated capabilities
In the face of this threat landscape, Hadrian has made the strategic decision to use AI as a potent ally in scaling our automated capabilities. The need for this approach stems from a simple reality: cybercriminals increasingly focus their efforts on technologies rather than on individual companies.
Rather than crafting tailor-made exploits for specific businesses, these malicious actors identify common technologies that span thousands, if not millions, of companies. Once they have developed an exploit for a given technology, they can unleash it on a broad scale. It is akin to casting a wide net into a vast ocean of potential victims, hoping to ensnare as many as possible. A single cybercriminal, or a small group, can launch millions of these attacks with relative ease.
The challenge for cybersecurity platforms like Hadrian, then, becomes twofold:
- First, we must understand the many automated attacks that a malicious actor could deploy. This is no small task given the sheer number and variety of possible exploits, each potentially targeting a different vulnerability in a different technology.
- Second, we must test for these attacks, ensuring that our customers’ defenses can withstand the onslaught. This requires a high degree of automation, the ability to simulate a wide array of attack scenarios, and the flexibility to adapt as new threats emerge.
It's here that AI shines. By integrating artificial intelligence into our platform, we can achieve a level of testing breadth and depth that would be impossible with manual methods alone.
Hadrian's AI-driven approach
The crux of our solution lies in Hadrian's innovative, scalable, and event-driven architecture that forms the backbone of our testing procedures. At the heart of this architecture is our Orchestrator AI. Far from a simple scheduling or routing tool, the Orchestrator AI serves as the connective tissue linking various events and modules together in a seamless, intelligent network.
Our solution is designed to handle a broad spectrum of scenarios, each corresponding to a particular type of cyber threat or potential vulnerability. These events then trigger relevant modules, specialized routines designed to respond to or investigate the specific threat associated with the event.
Given the sheer volume of potential scenarios, manually determining the optimal response or course of action for each would be impossible. Our Orchestrator AI, using machine learning, predicts which modules are relevant for each scenario, in effect selecting attack paths out of trillions of possible combinations.
At Hadrian, we have distilled this process into four main pillars of modules that we develop: reconnaissance, context finding, risk assessment, and prioritization. Each pillar serves a unique purpose in our automated cybersecurity strategy.
- Reconnaissance: This pillar involves mapping out the digital landscape of an organization. Our AI-driven reconnaissance is akin to ASM, aiming to answer the question - where are your internet-facing assets? It goes beyond simply identifying IP addresses or ports, it also includes finding related cloud environments like S3 buckets, or public GitHub/GitLab accounts that belong to your organization. AI plays a crucial role here, using pattern recognition to understand naming conventions and predict where other related assets could be.
- Context Finding: This pillar focuses on understanding the connections and dependencies between different assets, tracking API requests, and recognizing what technology is driving these assets. Our AI uses sophisticated algorithms to draw conclusions and make predictions based on the patterns and data it encounters, similar to the intuitive leaps a human hacker might make.
- Risk Assessment: At this stage, we simulate real-life threats that your organization could face. This is done in a non-intrusive manner, and each risk is validated before it is reported, so that findings are not based on a version string or a signature match alone and false positives are kept to a minimum.
- Prioritization: The final pillar involves taking all the data from the three previous pillars and summarizing it into a clear, actionable list of priorities. Our AI combines data about the business and risk, and even considers factors like whether a particular vulnerability is being actively exploited in the wild to assess priority.
In essence, Hadrian’s solution is about embracing the power of AI to augment our capabilities, enabling us to deliver comprehensive, effective, and forward-looking cybersecurity solutions.
Thank you for reading, and join me next week when I will write about Automated Security Monitoring: Unveiling the Black Box. To read more about how Hadrian’s Continuous Threat Exposure Management reduced manual work and streamlined security processes for SHV Energy, visit our case study.