MIT Technology Review Insights, in association with AI cybersecurity company Darktrace, surveyed more than 300 C-level executives, directors, and managers worldwide to understand how they’re addressing the cyberthreats they’re up against—and how to use AI to help fight against them.
As it is, 60% of respondents report that human-driven responses to cyberattacks are failing to keep up with automated attacks, and as organizations gear up for a greater challenge, more sophisticated technologies are critical. In fact, an overwhelming majority of respondents—96%—report they’ve already begun to guard against AI-powered attacks, with some enabling AI defenses.
Offensive AI cyberattacks are daunting, and the technology is fast and smart. Consider deepfakes, one type of weaponized AI tool, which are fabricated images or videos depicting scenes or people that were never present or never even existed.
In January 2020, the FBI warned that deepfake technology had already reached the point where artificial personas could be created that could pass biometric tests. At the rate that AI neural networks are evolving, an FBI official said at the time, national security could be undermined by high-definition, fake videos created to mimic public figures so that they appear to be saying whatever words the video creators put in their manipulated mouths.
This is just one example of the technology being used for nefarious purposes. AI could, at some point, conduct cyberattacks autonomously, disguising their operations and blending in with regular activity. The technology is out there for anyone to use, including threat actors.
Offensive AI risks and developments in the cyberthreat landscape are redefining enterprise security, as humans already struggle to keep pace with advanced attacks. In particular, survey respondents reported that email and phishing attacks cause them the most angst, with nearly three quarters reporting that email threats are the most worrisome. That breaks down to 40% of respondents who report finding email and phishing attacks “very concerning,” while 34% call them “somewhat concerning.” It’s not surprising, as 94% of detected malware is still delivered by email. The traditional methods of stopping email-delivered threats rely on historical indicators—namely, previously seen attacks—as well as the ability of the recipient to spot the signs, both of which can be bypassed by sophisticated phishing incursions.
When offensive AI is thrown into the mix, “fake email” will be almost indistinguishable from genuine communications from trusted contacts.
How attackers exploit the headlines
The coronavirus pandemic presented a lucrative opportunity for cybercriminals. Email attackers in particular followed a long-established pattern: take advantage of the headlines of the day—along with the fear, uncertainty, greed, and curiosity they incite—to lure victims in what has become known as “fearware” attacks. With employees working remotely, without the security protocols of the office in place, organizations saw successful phishing attempts skyrocket. Max Heinemeyer, director of threat hunting for Darktrace, notes that when the pandemic hit, his team saw an immediate evolution of phishing emails. “We saw a lot of emails saying things like, ‘Click here to see which people in your area are infected,’” he says. When offices and universities started reopening last year, new scams emerged in lockstep, with emails offering “cheap or free covid-19 cleaning programs and tests,” says Heinemeyer.
There has also been an increase in ransomware, which has coincided with the surge in remote and hybrid work environments. “The bad guys know that now that everybody relies on remote work. If you get hit now, and you can’t provide remote access to your employee anymore, it’s game over,” he says. “Whereas maybe a year ago, people could still come into work, could work offline more, but it hurts much more now. And we see that the criminals have started to exploit that.”
What’s the common theme? Change, rapid change, and—in the case of the global shift to working from home—complexity. And that illustrates the problem with traditional cybersecurity, which relies on traditional, signature-based approaches: static defenses aren’t very good at adapting to change. Those approaches extrapolate from yesterday’s attacks to determine what tomorrow’s will look like. “How could you anticipate tomorrow’s phishing wave? It just doesn’t work,” Heinemeyer says.
This content was produced by Insights, the custom content arm of MIT Technology Review. It was not written by MIT Technology Review’s editorial staff.
How a tiny media company is helping people get vaccinated
More than 132 million people in the US have received at least one dose of a covid-19 vaccine, and as of this week, all Americans over 16 are eligible.
But while the US has vaccinated more people than any other country in the world, vulnerable people are still falling through the cracks. Those most affected include people who don’t speak English, people who aren’t internet-savvy, and shift workers who don’t have the time or computer access to book their own slots. In many places, community leaders, volunteers, and even news outlets have stepped in to help.
One of those groups is Epicenter-NYC, a media company that was founded during the pandemic to help neighbors navigate covid-19. Based in the Queens neighborhood of Jackson Heights, which was particularly hard hit by the virus, the organization publishes a newsletter on education, business, and other local news.
But Epicenter-NYC has gone further and actually booked more than 4,600 vaccine appointments for people in New York and beyond. People who want to get vaccinated can contact the organization—either through an intake form, a hotline, a text, or an email—for help setting up an appointment.
Throughout the vaccine rollout, the group has also been documenting and sharing what it has learned about the process with a large audience of newsletter readers.
We spoke with S. Mitra Kalita, the publisher of Epicenter-NYC, who was previously a senior vice president at CNN Digital and is also the cofounder and CEO of URL Media, a network for news outlets covering communities of color.
This interview has been condensed and edited for clarity.
Q: How did you start setting people up with vaccine appointments?
A: It began with two areas of outreach. First, when I had to register my own parents for a vaccine and found the process to be pretty confusing, I immediately wondered how well elderly residents, their friends and neighbors, manage this process. I just started messaging them.
The second was when a restaurant [from our small business spotlight program] reached out and said, “Do you guys know how to get vaccines for our restaurant workers?” Because I had been navigating some of this for the elderly, I started to help the restaurant workers. There started to be a similar network effect. One of the workers at this restaurant has a boyfriend who is a taxi driver; when I helped her, she asked if I could help her boyfriend; then the boyfriend texted me with some of his friends; and it kept spreading in that way.
Q: How is Epicenter-NYC filling gaps in vaccine distribution right now? What is your process like, and who are you helping?
A: We’ve had between 200 and 250 people reach out to volunteer. The outreach efforts range from putting up fliers, doing translations, and calling people to literally booking the appointments.
I don’t care if you’re a Bangladeshi taxi driver in Queens and your cousin is in New Jersey. We’re going to help both of you. A woman on the Upper East Side who’s 102 years old who is homebound and needs a visit is absolutely going to get Epicenter’s help.
What we’re doing now is continuing the route of connecting people to each other and opportunities. There’s a lot of matchmaking going on. We can sort through a list of about 7,500 to 8,000 people who said they need help, and then find places in proximity. We’ve become this wonderful marriage—a centralized operation that also embraces decentralized solutions.
Q: We know that vaccination rates lag in many communities that were hit the hardest. Why is that? What issues and barriers are people experiencing?
A: Just before the latest Johnson & Johnson pause announcement, I said, “We’re at a point where everybody remaining is a special case.”
I think we’ve leapfrogged to vaccine hesitancy without solving for vaccine access. We don’t see a lot of hesitancy, but we do see a lot of concerns over some issues. Number one would be scheduling. We’re dealing with populations that are working two, maybe three jobs, and when they say “I have this window on Sunday at 3 p.m. until maybe 6 p.m., when my next shift starts,” they really mean that’s the only window.
Q: People have been asked to prove who they are, where they work, and where they live in order to qualify for a vaccine. This was especially true when eligibility was more limited. How did you help people face barriers around getting the documents they needed?
A: New York State has been explicit in saying you can still get a vaccine even if you are undocumented. But that messaging doesn’t really match the on-the-ground reality.
Police in Ogden, Utah and small cities around the US are using these surveillance technologies
One afternoon, I accompanied Heather West, the detective who’d been perusing gray pickups in the license-plate database, and Josh Terry, the analyst who’d spotted the kidnapper with the Cowboys jacket, to fly a drone over a park abutting a city-owned golf course on the edge of town. West was at the controls; Terry followed the drone’s path in the sky and maintained “situational awareness” for the crew; another detective focused on the iPad showing what the drone was seeing, as opposed to where and how it was flying.
Of all the gadgets under the hood at the real time crime center, drones may well be the most tightly regulated, subject to safety (but not privacy) regulations and review by the Federal Aviation Administration. In Ogden, neighbor to a large Air Force base, these rules are compounded by flight restrictions covering most of the city. The police department had to obtain waivers to get its drones off the ground; it took two years to develop policies and get the necessary approvals to start making flights.
The police department purchased its drones with a mind to managing large public events or complex incidents like hostage situations. But, as Dave Weloth soon found, “the more we use our drones, the more use cases we find.” At the real time crime center, Terry, who has a master’s in geographic information technology, had given me a tour of the city with images gathered on recent drone flights, clicking through to cloud-shaped splotches, assembled from the drone’s composite photographs, that dotted the map of Ogden.
Above 21st Street and Washington, he zoomed in on the site of a fatal crash caused by a motorcycle running a red light. A bloody sheet covered the driver’s body, legs splayed on the pavement, surrounded by a ring of fire trucks. Within minutes, the drone’s cameras had scanned the scene and created a 3D model accurate to a centimeter, replacing the complex choreography of place markers and fixed cameras on the ground that sometimes leave major intersections closed for hours after a deadly collision.
When the region was hit by a powerful windstorm last September, Terry flew a drone over massive piles of downed trees and brush collected by the city. When county officials saw the resulting volumetric analysis—12,938 cubic yards—that would be submitted as part of a claim to the Federal Emergency Management Agency, they asked the police department to perform the same service for two neighboring towns. Ogden drones have also been used to pinpoint hot spots after wildland fires, locate missing persons, and fly “overwatch” for SWAT team raids.
This flight was more routine. When I pulled into the parking lot, two officers from Ogden’s community policing unit looked on as West steered the craft over a dense stand of Gambel oak and then hovered over a triangular log fort on a hillside a couple of hundred yards away. Though they’d never encountered people on drone sweeps through the area, trash and makeshift structures were commonplace. Once the RTCC pinpointed the location of any encampments, the community service officers would go in on foot to get a closer look. “We get a lot of positive feedback from runners, hikers,” one officer explained. After one recent visit to a camp near a pond on 21st Street, he and the county social service workers who accompanied him found housing for two people they’d met there. When clearing camps, police also “try and connect [people] with services they need,” Weloth said. The department recently hired a full-time homeless outreach coordinator to help. “We can’t police ourselves out of this problem,” he said, comparing the department’s efforts to keep new camps from springing up to “pushing water uphill.”
NASA has flown its Ingenuity drone helicopter on Mars for the first time
The news: NASA has flown an aircraft on another planet for the first time. On Monday, April 19, Ingenuity, a 1.8-kilogram drone helicopter, took off from the surface of Mars, flew up about three meters, then swiveled and hovered for 40 seconds. The historic moment was livestreamed on YouTube, and Ingenuity captured the photo above with one of its two cameras. “We can now say that human beings have flown a rotorcraft on another planet,” said MiMi Aung, the Ingenuity Mars Helicopter project manager at NASA’s Jet Propulsion Laboratory, at a press conference. “We, together, flew at Mars, and we, together, now have our Wright brothers moment,” she added, referring to the first powered airplane flight on Earth in 1903.
In fact, Ingenuity carries a tribute to that famous flight: a postage-stamp-size piece of material from the Wright brothers’ plane tucked beneath its solar panel. (The Apollo crew also took a splinter of wood from the Wright Flyer, as it was named, to the moon in 1969.)
The details: The flight was a significant technical challenge, thanks to Mars’s bone-chilling temperatures (nights can drop down to -130 °F/-90 °C) and its incredibly thin atmosphere—just 1% the density of Earth’s. That meant Ingenuity had to be light, with rotor blades that were bigger and faster than would be needed to achieve liftoff on Earth (although the gravity on Mars, which is only about one-third of Earth’s, worked in its favor). The flight had originally been scheduled to take place on April 11 but was delayed by software issues.
Why it’s significant: Beyond being a significant milestone for Mars exploration, the flight will also pave the way for engineers to think about new ways to explore other planets. Future drone helicopters could help rovers or even astronauts by scoping out locations, exploring inaccessible areas, and capturing images. Ingenuity will also help inform the design of Dragonfly, a car-size drone that NASA is planning to send to Saturn’s moon Titan in 2027.
What’s next: In the next few weeks, Ingenuity will conduct four more flights, each lasting up to 90 seconds. Each one is designed to further push the limits of Ingenuity’s capabilities. Ingenuity is only designed to last for 30 Martian days, and is expected to stop functioning around May 4. Its final resting place will be in the Jezero Crater as NASA moves on to the main focus of its mission: getting the Perseverance rover to study Mars for evidence of life.