That Artificial Intelligence, or AI for short, has the potential to transform and revolutionize our lives is undeniable. As with any tool, they can be a powerful force for positive change in the world, but in the wrong hands, they could cause serious harm.
That begs the question: How is AI technology empowering hackers?
AI-driven cybersecurity threats are developing at a place we have not seen before. From January to February 2023, researchers from Darktrace – a global leader in cybersecurity AI – saw a 135% increase in novel social engineering attacks, corresponding with the widespread adoption of ChatGPT, which was released to the public in October 2022.
How do Hackers use generative AI to deceive and manipulate?
Social engineering – specifically malicious cyber campaigns delivered via email – has been the primary source of an organization’s vulnerability to attack for years. Phishing scams and malware attacks, often sent and created by threat actors operating from regions where English is not the primary language, have become familiar to the point where we all know the red flags to look for. Most of us have encountered these poorly worded emails soliciting wire transfers or gift card contributions, coercing people into unwittingly aiding the attackers in reaping the rewards. The trouble is that AI doesn’t make misspellings, and with tools like ChatGPT, composing a persuasive email (mostly) free from grammatical and spelling errors has become easy, giving nefarious actors even less incentive to cease and desist.
Consider this example. I asked ChatGPT this basic question: “Write an email asking users to click a link to reset password,” and within 30 seconds, it came up with this message:
Scary, right?
The trend we’re seeing suggests that generative AI, such as ChatGPT, is providing an avenue for threat actors to craft sophisticated and targeted attacks at speed and scale.
Here are some other examples of how hackers are using AI as a tool for their actions:
Password Cracking
Passwords remain a weak link in many cybersecurity defenses. Machine learning algorithms can analyze massive datasets of stolen passwords and identify patterns. Using information from past data breaches to discover common password patterns, they can “easily” guess passwords and execute brute-force attacks (a hacking method that uses trial and error to crack passwords, login credentials, and encryption keys) much more accurately, making it essential for users to adopt strong, unique passwords and enable two-factor authentication to protect their accounts.
Advanced Malware and Ransomware
The development of AI-driven malware and ransomware has raised the stakes in the cybersecurity landscape. Hackers employ AI algorithms to create malware that can evade traditional signature-based antivirus solutions, making it more difficult for companies to protect their systems from these attacks.
Additionally, AI can be used to determine the most valuable targets for ransomware attacks, increasing the potential for higher payouts.
Predictive Analysis for Target Selection
Hackers are increasingly using AI to conduct predictive analysis for identifying potential targets. By analyzing publicly available data, social media profiles, and online activity, AI can help hackers identify individuals or organizations with valuable information or weak security measures, enabling more precise targeting and reducing the chances of getting caught.
Deepfake Shenanigans
Remember those deepfake videos that make it look like someone said or did things they didn’t? Yep, AI’s behind that too.
Deepfake technology uses AI to create realistic fake videos and audio recordings and poses a significant threat in the hands of malicious actors. It can be used to impersonate individuals, deceive employees, or spread false information, potentially causing significant damage to individuals or organizations.
In a nutshell:
AI is a big deal. Cybercriminals are harnessing AI to launch sophisticated and novel attacks at large scale, and defenders are using the same technology to protect critical infrastructure, government organizations, and corporate networks. Although it is hardly surprising that hackers would turn to artificial intelligence to develop better scams, the future of these AI-powered schemes remains uncertain. It is clear, however, that as AI technology evolves, the battle between hackers and cybersecurity professionals will continue, with AI playing a central role on both sides. This is a tech battle that’s just getting started!
Some simple things you can do to reduce your risk:
-
use different passwords across accounts,
-
update internet-connected devices regularly, and
-
enroll your staff in a security awareness training program that is delivered routinely and teaches them how to spot and deal with these nifty attempts at social engineering.
For help and support in implementing a cybersecurity program that future-proofs your business, schedule some time to talk; you can contact Meeting Tree Computer here.
