Suggestions on how to tackle this new breed of attack tools, driven by AI?
Do we have to appropriate capabilities to tackle it using traditional methods, I suggest we do not.
After reading the article it is saying malware is coming that is Stuxnet on steroids, or with an AI module installed. Instead of looking for Phillips Centrifuges it would be looking for a person using biometrics or behavioral analysis patterns. The more info we give away in this world through voluntary means (social media, apps, IoT connected devices, etc.) the easier we make this happen.
Are we ready for it? It depends. Certain areas I can see are ready for it, but others are not. Criminals are inventive. I remember reading a story once that a manager of a popular gas station just off the interstate highway was having an issue with thieves coming in to the ladies restrooms and stealing ladies purses from the stalls. The bathroom stall doors had a coat hanger near the top on the inside of the door and when a lady entered she would close the door, lock the door, and then hang her pocket book/purse from the hook. The thieves would be watching for this and would walk up and reach over the top of the door and grab the purse and run out. The ladies would not have enough time to get up, get dressed and unlock the door to chase after the thief so they got away. So one weekend the manager went in and removed all of the coat hanger hooks from the stall doors. Then the complaints started coming in. "Where are the hooks?" "I need to have somewhere to keep my purse off the ground", etc. He would explain to them the reason why and while they understood, they were not happy.
About a week later a customer approached him and said "I'm glad you changed your stance on the bathroom door hooks and put them back." He was puzzled because he, nor his employees had done such a thing. He went to investigate and sure enough, the THIEVES had come in and reinstalled some new hooks on all of the doors. AND they even used anti-theft screws to make them harder to remove! If you don't know, anti-theft screws are meant to be screwed in only and be extremely inconvenient to remove. For most instances you have to drill them out or grind them off to remove them!
It is a cat and mouse game. As the attackers create new avenues of attacks, we have to evolve with them. Information security jobs are an ever learning career.
I am not sure that this answers the issue: We know the Crimes Incorporated Inc, are actively using AI to transform their abilities to create new attacks, and to transform and direct them quickly at targets. In the future, as the article suggested, the ability to hide, alter the characteristics of their original attack and misdirect or confuse detection systems, could be quite devastating. If we cannot, also use similar techniques, then the Dark Web and their viable businesses, potentially may persuade some to move to the Black side, rather than to remain on the White side.
Will legitimate businesses survive in that case?
At which point, does this occur? It has been suggested that the Crimes Incorporated Inc are making more illegal money per annually than the legitimate businesses legally.