How AI helps decode cybercriminal strategies

With terms like “AI washing” making their way into mainstream business consciousness, the hype surrounding AI is making it harder to differentiate between the true applications and empty promises of the technology.

The quest for tangible business benefits is in full swing, and in cybersecurity as much as any industry, it’s important to distinguish the deployment of AI technologies simply for the sake of it, as opposed to identifying the use cases where AI will make a real difference. Lauding AI as the solution to every problem muddies the waters and could lead to missed opportunities.

In the field of threat intelligence, however, there are specific ways in which AI tools are showing huge promise for cybersecurity teams, including in lifting the lid on dark web threats. The dark web is a hugely complex landscape, well-known for the promise of anonymity, and a domain where cybercriminals organize and plan their attacks against organizations. There is a role for AI in gathering data from the dark web, applying structure to it, and ultimately turning it into intelligence that organizations can use to inform their security strategy.

The dark web is a perfect use case for AI

The dark web represents a classic case of unstructured, disparate, and difficult-to-analyze data. From forum discussions, marketplace listings, and ransomware group communications, often scattered across various platforms and languages – making sense of the dark web and navigating this vast, evolving terrain can be daunting, even for experienced cyber analysts.

The biggest use case for AI is its ability to process, analyze, and interpret natural language communication efficiently. AI algorithms can quickly identify patterns, correlations, and anomalies within massive datasets, providing cybersecurity professionals with actionable insights. This capability not only enhances the speed and accuracy of threat detection but also enables a more proactive and comprehensive approach to securing organizations against dark web-originated threats. This is vital in an environment where the difference between detecting a threat early in the cyber kill chain vs once the attacker has achieved their objective can be hundreds of thousands of dollars.

The role of AI in overcoming language barriers

A great way to illustrate this use case is through language translation. The dark web is a global space with cybercriminals operating in various languages and using complex and dark-web-specific slang. Our data shows us that the top 10 languages used on the dark web are English, Russian, German, French, Spanish, Bulgarian, Indonesian, Turkish, Italian, Dutch, and standard Chinese. After English, Russian is the most used language on the dark web, accounting for 66 percent of non-English language content. 

But it’s often not textbook Russian. Just as English-speaking hackers have their own slang terms, acronyms, and code words, so do their Russian counterparts. Historically, this has created a challenge for gathering intelligence from the dark web, because once security professionals capture a conversation between potential adversaries, they must “decode” it.

Traditional translation tools, naturally, are not equipped to accurately translate the slang used by Russian hackers. But, by training a model on the slang terms used on the dark web, custom-built AI-powered translation tools can help to break down this multilingual complexity and identify hidden threats. 

This AI-based approach also has the potential to improve efficiency of security teams and the accuracy of intelligence by removing the manual and error-prone process involved copying and pasting large quantities of content or searching through dark web data with poorly translated terms. Advanced AI models, such as transformers, can also produce a better understanding of the semantic meaning of translations rather than merely translating word-for-word. By using context to derive meaning, AI improves translation accuracy, allowing analysts to interpret threats that might otherwise remain hidden.

Understanding the nature of the threat

Another potential use case of AI is in quickly identifying and alerting specific threats relating to an organization, helping with the prioritization of intelligence. One thing an AI could look for in data is intention – to assess whether an actor is planning an attack, is asking for advice, is looking to buy or to sell access or tooling. Each of these indicates a different level of risk for the organization, which can inform security operations.

Take, for example, posts by initial access brokers, i.e., advertisements cybercriminals post on the dark web to sell access to an organization’s network. Monitoring for such posts is a time-consuming and manual task for a human analyst, as it requires them to read through dark web forums day-in, day-out and spot relevant posts through a lot of noise. But an AI model can be trained to identify and extract key components of an initial access broker post as well as identify the possible target, providing that company advanced warning and allowing them to review their security protocols, heighten their alert status and begin proactively hunting for signs of access.

Enhancing threat intelligence through AI

AI is not going to be a cure-all in cybersecurity, but there’s a role it can play in areas where inefficiencies are created by vast amounts of unstructured data. There is an ever growing source of threat feeds and data sources for security teams to monitor, making extraction of relevant intelligence increasingly difficult. AI can support security analysts by quickly and efficiently finding the most serious threats. Time is critical in security and there is a real power in making threat intelligence faster, more accurate, and therefore more actionable. 

Moreover, as AI innovations make gathering intelligence easier and less resource-intensive, there is a high likelihood that it will enable smaller cybersecurity teams to undertake more sophisticated threat intelligence activities such as actively monitoring the dark web for potential threats against their organization. It could allow more companies to adopt a proactive cybersecurity stance. As technological advancements continue, the integration of AI in threat intelligence will become standard. Looking beyond the hype, AI could prove to be a major catalyst in bringing proactive dark web monitoring into the mainstream.