How Cybersecurity Is Evolving: The Real Lesson of Machine Learning

Posted by Craig McDonald on 11 December 2018 12:19:00 AEDT

Artificial Intelligence (AI) and machine learning are currently hot property, on the wish and hit lists of just about every company on the planet.

And it’s not hard to guess why. While AI programs can approximate human behaviour, machine learning (a branch of AI), allows programs to ‘learn’ from the data they’re fed and discover patterns. Essentially, within businesses, AI and machine learning can help derive better business outcomes, helping boost profitability. The insights that AI can uncover can be nothing short of astounding.

PwC, predict that “AI could contribute up to $15.7 trillion to the global economy in 2030”. Meanwhile, Google have been busy solving problems you didn’t even know were problems – like predicting depth in just a single image. Easy for the brain, not so easy for a computer.

But if you think about it, cybercriminals are also running a business, albeit an illegal one - and they’re leveraging this technology, too.

Cybercriminals leveraging AI and machine learning

Cybercriminals are always out there making the most of technology to do their dirty work. There’s always a reason behind every fake website getting you to enter your details, every dream lover asking to send money on a dating site. Ransomware is a money-making scheme targeted at whoever falls prey to accidentally running a script on their system. Corporate cybercrime is stealing the competition’s IP.

You can bet that if businesses are interested in (and building) AI and machine learning projects, that cybercriminals are getting in on the action too. After all, their projects are often already based on exploiting technology.

In my book, Surviving the Rise of Cybercrime, I talk about the emergence of a new global industry, representing a sophisticated network of cybercriminals. They are at the forefront of advances in new technology.

“There are already instances of threat actors and hackers using AI technologies to bolster their attacks and malware,” says Forrester Research in a new report titled Using AI for EvilA Guide To How Cybercriminals Will Weaponize And Exploit AI To Attack Your Business.

In fact, a 2017 survey found 62% of cybersecurity experts believed artificial intelligence will be used for cyberattacks in the next 12 months, so most agree it’s already happening. Of course, cybercriminals aren’t exactly publishing their manifestos on the open web; they aren’t writing company blogs about their latest AI and machine learning projects. What we can do is guess and predict how cybercriminals may use AI to perpetrate attacks, including, as Forrester say in their report, automating attacks and significantly improving the targeting of victims; better impersonating individuals for more effective social engineering; creating and targeting fake news; better code and better use of attack resources for distributed denial of service (DDoS) attacks; and developing more virulent malware and viruses. 

Let’s take a look at how machine learning could enhance a phishing attack

Let’s take an example of a known type of phishing attack, mimicking an email from a bank that has a link to a fake website where customers enter their details - after which these details are stolen to drain bank accounts, or the data is re-sold on the dark web for use in future scams.

The first step is to gather the personal data for an attack:

The developer of an attack may have a list of email addresses and related personal information that they’ve harvested previously, they could purchase data being re-sold online, or if with the right technical nous, they may develop an AI that constantly crawls the web, looking for identifiable data and probing data repositories for vulnerabilities. Webcrawlers are not new, but with the addition of AI, in the wrong hands, they can become an extremely effective tool that requires minimal effort and cost. Imagine all of the data that they can find on unprotected social media profiles, in chat rooms and forums, through company websites, news sites and other publicly available sources.

Even worse, how often do we hear about major data breaches with unprotected or misconfigured servers? Here’s an example just last week where records for 57 million American residents were revealed by a search engine that scans for connected devices and open servers. It found at least three IP addresses with identical clusters misconfigured for public access. With 73GB of data, the service held data on almost 57 million US citizens, containing information including first and last name, employers, job title, email, address, state, ZIP code, phone number, and IP address. Another index of the same database included over 25 million business records, which held details on companies including employee counts, revenue numbers, and carrier routes.

Next, cybercriminals need to design, build and optimise variants of your email campaign to maximise your returns.   

If this sounds like your typical marketing brief, you’re absolutely right. Just as with the most advanced programmatic advertising campaigns, the returns for cybercriminals are substantial, so why wouldn’t they use advanced AIs to run their campaigns? They would need to develop a range of emails, landing pages and websites by closely replicating content from a number of real banks. They may have the skill set to do this themselves, or just outsource this task to someone online (That person could well be completely unaware that what they’re building is to be used in a scam by the way).

Once they have the necessary campaign assets, and after structuring their campaign strategy appropriately, an AI can continue to test and optimise for maximum returns by learning from the data that it gathers from real users.

For example:

  • Creative variants run against a sub-set or sample of data. This information is used to determine which combinations of emails, landing pages and websites are likely to perform best.
  • Once the optimal formula is known, the AI launches a larger campaign to a wider audience.
  • Based on open rates, click through data, and completion rates, the AI continues to self-optimise, or it might just pause the campaign when it’s not achieving the desired results. Self-optimising might mean that it sends emails at a different time of day because that’s what yields the best open rates, or it serves a certain landing page because that one is achieving higher completion rates.

As with any campaign, the criminals have the capacity to continue to introduce and test new variables, like different page formats and calls to action, or they may take their learnings and try applying them to a different set of data, a different location, or a different vertical. If the banking campaign worked well, why not try the same campaign structure will energy bill scams, or for parcel deliveries?  

I said in a blog post in 2016, that cybercriminals are outmarketing the marketers, and that continues to be true today.

AI and machine learning’s contribution in cyber defence

This constant evolution of cybersecurity threats might sound like it’s impossible to escape. If it’s always changing and learning, what hope do we have in being able to beat it?

The answer, ironically, lies in AI itself. Using the same tricks to learn how to combat the cybercriminals, AI is helping businesses rapidly detect, resolve, and prevent security threats before they spiral out of control and negatively impact businesses.

One example of how intelligent anti-threat software works is MailGuard. For example, with proprietary Hybrid AI threat detection engines, MailGuard currently predicts, anticipates and learns about new and emerging threats.

MailGuard’s use of AI and machine learning enables the analysis and comparison of a huge amount of data that can help us to find answers rapidly and prevent attacks. We’ve been in the business for more than 17 years, so luckily, we have a bit of a head start.

AI and machine learning’s biggest learning: The value of collaboration

Defeating AI with AI is an arms race; the conversation commonly ends with one question: Which side will win? Will AI and machine learning lead to more destruction via more sophisticated cyber-attacks or will it help in making the world more cyber secure?

Although we don’t know how that contest might end, what we do know for a fact is that as attackers and defenders continue to chase innovation in AI in a bid to outdo the other and succeed in their respective goals, it is ultimately how that innovation is shared and used that will decide the future of cybersecurity.

I believe in a proactive and collaborative approach when using AI to defend businesses. Businesses can combine the synergies of both innovative technology and human intelligence to be more cyber secure.

This means investing in advanced technology and updating tools related to firewall configuration, host intrusion detection systems and network intrusion detection systems, advanced email security. However, along with updating security strategies with the latest software, leaders should also spend enough time and investments in cultivating a security culture within their business and regularly updating them on relevant lessons acquired via these updated systems. This will ensure that the potential of advanced technology is being maximised and used to the best possible effect.

A recent survey conducted by the Harvard Business review involving 1,500 companies found that “firms achieve the most significant performance improvements when humans and machines work together. Through such collaborative intelligence, humans and AI actively enhance each other’s complementary strengths: the leadership, teamwork, creativity, and social skills of the former, and the speed, scalability, and quantitative capabilities of the latter.”

Such a mix of artificial and human intelligence will ultimately provide our best chance of success when combating cybercrime today and tomorrow. Instead of trying to only win the race toward achieving the best technology, businesses should aim for the best employment of innovative technology and optimal collaboration.

The threat is real - especially with self-adapting attacks. Revamp your security strategy to bring it in line with current technology trends for peace of mind.

Get the facts

Companies are spending more on cybersecurity now than ever before, but those funds aren't always targeting the most significant dangers. There seems to be a bit of a disconnect amongst many CEOs about the sources of cyber-threat.

Studies consistently show that more than 90% of cyber-attacks are perpetrated via email, yet email security is rarely the biggest item in cybersecurity budgets.  If we’re going to win the battle against cybercrime we have to get real about the nature of the threat.

I’m on a mission to help business people understand cybercrime and protect their businesses from costly attacks. If you would like to learn more about the complex cybersecurity challenges facing business today, please download my e-book Surviving the Rise of Cybercrime. It’s a plain English, non-technical guide, explaining the most common threats and providing essential advice on managing risk.


You can download my e-book for free, here.

“Cybercrime is a serious and growing business risk. Building an effective cybersecurity culture within an organisation requires directors and executives to lead by example. Surviving the Rise of Cybercrime is a must-read for directors and executives across business and in government and provides strong foundations for leaders determined to address cyber risk.” - Rob Sloan, Cybersecurity Research Director, Wall Street Journal. 

... ... ...

Hi, I’m Craig McDonald; MailGuard CEO and cybersecurity author.
Follow me on social media to keep up with the latest developments in cybersecurity and Blockchain; I'm active on LinkedIn and Twitter. 
I’d really value your input and comments so please join the conversation.


Topics: email fraud leadership Craig McDonald Business security social engineering risk management cybersecurity advice cybersecurity culture

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all