In an article earlier this month, Techopedia warned that while we may have seen the beginnings of criminal use of AI-driven cyber threats, 2024 was likely the year companies needed to adapt to AI-led cyber-attacks at scale. Along with the rest of the world, we’re anticipating that AI will lead to a lower knowledge barrier to entry for cybercriminals and exponential growth in the sophistication of these attacks.
1. Using generative AI to develop malware
Once upon a time, the quintessential hacker was seen as a shady guy in a hoodie, sitting in a darkened room, programming into the night for nefarious purposes.
Whether this cliché was true or not, it is an outdated assumption. In 2024, people are leveraging generative AI to write the code behind the malware, opening up the hacker market to anyone with a computer and an internet connection.
2. Attacks at scale
As far back as 2019, 80% of cybersecurity decision makers believed AI would increase the scale and speed of attacks and the range of creative methods used. This prediction is proving to be accurate, with Joseph Harisson, CEO of the Dallas-based IT Companies Network, discussing why AI-powered threats are so challenging to detect and prevent.
“AI algorithms act like digital bloodhounds, sniffing out anomalies and threats with a precision that human analysts might miss. They use AI to craft more sophisticated cyber-attacks, turning the hunter into the hunted,” Harisson said. “These AI-powered threats are like chameleons, constantly evolving to blend into their digital surroundings, making them harder to detect and thwart. It’s a perpetual cat-and-mouse game, with both sides leveraging AI to outmanoeuvre the other.”
3. Analyse attack strategies to increase success rates
The rise of big data has meant that AI analytics tools are a boon for businesses, allowing them to sort through an unmanageable quantity of sales figures, online statistics, customer data and trend analysis. Guess who else is using it to improve their success rate? That’s right, the cyber criminals of the world can now analyse their attack strategies to refine and improve with every attempt.
Not only that, AI tools are also being used to develop malware that adapts to bypass detection systems and traditional security.
These increasingly sophisticated attacks pose additional pressure on companies to be thorough, proactive and consistent in their cyber security approach.
4. Model phishing emails on genuine communication letters or emails
In February 2022, we discussed the inconvenience of hackers discovering generative AI to produce correctly spelt and increasingly realistic phishing emails. Whereas in the good old days, it was enough to skim-read for spelling and grammar errors, check whether the email address was a jumble of nonsensical letters and numbers, and consider whether your colleague from the cubical next door would realistically start his email with Dearest kind sir, today’s hackers are replicating real-life company communication.
5. Use of deepfake images to pass on misinformation for nefarious purposes
The internet is having a great time using artificial intelligence and machine learning to alter people’s faces, voices, and even their biometrics. You can buy AI-generated stock images, people are using AI to generate a whole host of mythical versions of themselves, and they have fast-tracked realistic game design in a big way.
But in the wrong hands? A cybercriminal can now bypass security measures like the Centrelink and Tax Office voice prints, with disastrous implications for identity theft. There have also been cases where deepfake videos of politicians like Obama have been used to manipulate public opinion and spread disinformation.
6. Infiltrating generative AI
Have you ever asked ChatGPT to recommend a piece of code for you? Hopefully, that answer is no, as generative AI has been found to generate code libraries and references that don’t exist. From a hacker’s perspective, this presents an opportunity to replace ChatGPT-generated code packages with malicious packages that can infiltrate your system – more on how that works here.
It’s scary stuff, making a robust cybersecurity strategy is more critical than ever. If you are concerned about whether your organisation is at risk, we offer a free cybersecurity assessment to help you understand any vulnerabilities in your defence.