The Impact of AI on the Cyber-threat Landscape
Posted on 12th March 2024 at 15:41
The rapid growth of artificial intelligence (AI) is reshaping industries and revolutionising how people live and work. Its potential to propel scientific advances and bolster economic growth is apparent, but its implementation is not without significant risk. What’s more, the security risks associated with AI use are not yet fully understood, so the cyber-threat landscape could become more treacherous over time. Organisations should consider the following risks AI enhances in the cyber-threat landscape:
• Data poisoning—Cyber-criminals could “poison” the data used to train AI tools to influence the tool’s decision-making. Through corrupt training data, AI models may learn incorrect or biased information, which threat actors can exploit for malicious gains. Moreover, data poisoning could lead to a rise in stealth attacks—where manipulated training data creates vulnerabilities that are difficult to detect during the testing process but can be exploited later.
• Automated malware—Although AI tools have protections to prevent users from creating malicious code, threat actors are rapidly finding ways to overcome these. As such, natural language processing (NLP) tools such as ChatGPT could help threat actors create automated malicious software (malware) at record speeds. As these tools advance, the barrier for entry for malicious actors may lower; even those with entry-level programming skills may be able to create sophisticated malware, increasing the volume of successful compromises.
• Social engineering attacks—AI can already facilitate convincing interaction with victims, and the persuasive nature of these social engineering attacks may only deepen as this technology evolves. For instance, NLP tools can help criminals craft plausible phishing emails without the spelling and grammatical mistakes that ordinarily reveal them as spam. Additionally, snippets of a target’s voice can be used to train AI algorithms to create convincing deepfake attacks (eg mimicking a manager’s voice to trick an employee into revealing sensitive information).
• Enhanced reconnaissance—AI’s ability to quickly summarise data can help threat actors gather information, exfiltrate data and identify vulnerabilities quicker.
It’s worth noting that AI has also brought about significant advances in cyber-security, particularly automated threat detection and response. Therefore, understanding both AI’s merits and its potential pitfalls is crucial for organisations across all sectors.
For more information, contact us today.
Share this post: