AI in Cybersecurity: Overcoming the Defender’s Dilemma and Creative Scams
The complexity of cybersecurity grows as the digital world continues to evolve. Hackers are becoming more creative, sophisticated scams are on the rise, and with the integration of AI into these malicious tactics, cybersecurity experts face an uphill challenge. But there’s hope. Artificial Intelligence (AI) is increasingly seen as a powerful ally in cybersecurity, providing defenders with the tools to detect, analyse, and disrupt potential threats.
GovTech’s Anti-Scam Products (GASP) team has adopted AI to level the playing field in this ever-evolving battle. Mr Mark Chen, Principal Product Manager at GASP, and Mr Andre Ng, Assistant Director at GASP, will share more about how the GASP team uses AI to overcome the Defender’s Dilemma.
Let’s dive into how AI is changing the face of cybersecurity and what this means for both defenders and attackers in this high-stakes game:
- The Defender’s Dilemma
- Scammers Becoming More Creative in Their Methods
- The DNA of the GASP Team at GovTech
- How to Check for Malicious Sites or Documents?
The Defender’s Dilemma in Cybersecurity
In today’s digital age, cybersecurity is a relentless battle. While defenders work tirelessly to safeguard systems from countless threats, attackers only need to find one vulnerability to strike. This is the essence of the Defender’s Dilemma. It highlights the difficult position cybersecurity professionals face: they must defend every aspect of a system, while cybercriminals can focus all their efforts on identifying and exploiting a single weak point.
According to Google’s report on How AI Can Reverse the Defender’s Dilemma, there are 3 main factors that contribute to this issue:
1. The internet was built for sharing information but not for the security of data
Security was not a primary focus when the internet's original technology stack was developed. Furthermore, key protocols did not prioritise security features such as identity and authentication. While there have been attempts to improve on this, changes happen slowly, and there is also the risk of fracturing compatibility with older systems.
2. The digital world is growing more complicated every year
The internet's design lets different technologies work together, but new risks emerge as software becomes more complex. Developers add layers to simplify this complexity, but these layers can create security gaps or vulnerabilities. As our digital world expands, the security risks increase, especially with AI enabling more software creation and management.
3. The lack of cybersecurity expertise and resources to combat attackers
Attackers have significant advantages over defenders, who are stretched thin across the digital ecosystem. While defenders must protect against many threats, attackers can focus on a single target, exploiting vulnerabilities and waiting for mistakes. Small businesses are especially vulnerable, as they may lack the resources and expertise to defend against determined attackers.
Andre explains that with the current state of digital scams and how they are evolving, AI must be used in cybersecurity efforts to combat the increasingly sophisticated scams and address the defender’s dilemma.
“We have reached a point where we have no choice but to use artificial intelligence to help us do our jobs. There is so much telemetry data to analyse, and spotting any anomalous pattern or behaviour in this pool of data is akin to finding a needle in a haystack. So, we use AI to mimic the defender’s intuition in spotting anomalous behaviours, and at a much faster rate. In this sense, you can think of AI as a massive force multiplier.” - Andre Ng
With all the disadvantages that defenders face, there is growing evidence that AI is the solution to their dilemma. Apart from the example of SATIS and how it is constantly improving its abilities to hunt down malicious sites, another example would be the Anti Money Laundering AI tool developed by Google. It has already proven to be more effective in detecting suspicious activities and reducing false positives with its machine-learning capabilities.
Scammers are Becoming More Creative in Their Methods
While the GASP team is working hard to develop more products to combat scams, Mark acknowledges that scammers are becoming more creative and changing their methods.
He provides the example of the CDC vouchers scam incident that occurred earlier this year:
“When we first looked at this issue, we thought that ‘okay, they’re just trying to phish for banking or Singpass credentials.’ But what actually happened was a multi-stage scam in which the scammers asked victims for their phone number(s) and then sent them OTPs via Telegram or WhatsApp. Once victims keyed in the OTPs, the scammers took over the victims’ Telegram and WhatsApp accounts, messaging friends and family and asking them to transfer money to a third-party account. From the point of view of the eventual victim (the one who lost money), they were transferring money to their actual friend” - Mark Chen
Adding to Mark’s example of the CDC vouchers incident, Andre explains that scammers are getting better at mimicking legitimate websites, and with the growing capabilities of deepfake technology, it is even harder for the naked eye to spot suspicious content.
“You can no longer look out for grammatical errors or the SSL certificate to determine if a website is safe”, says Andre.
While scams are indeed getting harder to spot, Mark and Andre both agree that the common convergence point for scammers is usually bank transfer requests. Ultimately, scammers need to convince potential victims that their claims are true and that money is somehow needed to fix the issue.
The DNA of the GASP Team at GovTech
The GASP team is very much an experimental unit that constantly tries different ways of using AI to fight scams, and it is currently expanding SATIS’ capabilities to analyse online advertisements in addition to websites.
The team from GovTech’s Anti-Scam Products (GASP).
“Part of the process of creating successful products requires failure, and if we don’t fail, then we won’t learn anything. So, we have to be comfortable with letting go of the ideas that didn’t work out because this is also part of the discovery process. Having this attitude is important for us if we want to catch up with the latest trends of scams.” - Mark Chen
How to Check for Malicious Sites or Documents?
Here are some online tools and ways that you can use to verify websites, documents, emails, and more:
Google Cloud’s VirusTotal
Google Cloud’s VirusTotal has been using AI to analyse suspicious files, domains, URLs, and more to determine whether they are malicious or safe to use. The data is also automatically shared with the security community so that it can be used to train better AI detection models.
ScamShield
Download the ScamShield app to:
- Check for scams
- Report potential scams
- Block and filter scams
ScamShield operates by matching unknown numbers against a database managed by the SPF. Numbers linked to scams are blocked automatically. If you're unsure if something is a scam, call the 24/7 ScamShield helpline at 1799 to check.
CheckMateSG
CheckMateSG is a ground-up initiative that relies on a network of volunteers, called CheckMates, and AI to combat misinformation and scams. Users can send messages to the CheckMate bot, which then forwards them to CheckMates for verification. Once the message is analysed by the majority of the CheckMates, CheckMateSG informs the user if the message is likely a scam. This system is dedicated to protecting the community by addressing misinformation and scams, one message at a time.
If you’re interested, you can also volunteer to become a fact-checker at CheckMateSG!
List of trusted government websites
Check out the list of legitimate government-associated websites and other organisations if you’re unsure!
Note: This is the 2nd article of a two-part article series. Check out the 1st article below: