Hackers are combining AI with encryption tools to make cyberattacks even more stealthy as well as more devastating, Tom Burt, Microsoft’s vice-president for security, told The Wall Street Journal.
“Cybercriminals and nation-states are using AI to refine the language they use in phishing attacks or the imagery in influence operations,” he said.
Generative AIs can write phishing emails—those impersonating a human, especially one you might know or be related to—that are more convincing than many such attempts by people. New AIs also can generate images, such as one showing a loved one tied to a chair with a masked terrorist standing by.
“Some tasks that previously necessitated teams of people can now be done by single individuals,” cybersecurity consultant Lukasz Olejnik said to the WSJ.
At manufacturing firm Cummins, the number of phishing emails has surged since late last year when ChatGPT was introduced, corporate information security chief Diego Souza told the WSJ.
The language used to sound like the message came from a known person at a partner or client company has become much more realistic, he added.
Phishing services have popped up on the dark web. For subscription fees of $200 to $1,000 a month, the services will create phishing emails on request.
Ransomware attacks in which thieves steal data and demand payment to prevent them from releasing it publicly doubled from last November through June this year, Microsoft reported after examining incidents among 135 million devices owned by customers and 300 known hacker groups.
During roughly the same period, the number of ransomware schemes hatched by humans instead of by computer programs tripled, Microsoft said. Human-made thefts can be more tailored and targeted than those created by devices. Cheap AIs such as ChatGPT can give any ambitious hacker the means.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and other federal offices have warned that hackers are crafting sophisticated AIs to break into corporate and government networks.
The government must focus on creating new security measures to repel attacks from foreign enemies, CISA director Jen Easterly said in April testimony to Congress.
“The battle has to be escalated,” Lane Bess, CEO of security provider Deep Instinct told a conference earlier this month.
Cisco Systems’ purchase of AI-oriented cybersecurity firm Splunk for $28 billion last month (see “Cisco Buys Splunk” 26 Sep 2023) underscores the shift in security terrain to a focus on artificial intelligence.
TRENDPOST: With both hackers and defenders using AI and upgrading their tools as fast as new versions are released, the chances of keeping digital data safe are diminishing.
Security pros may decide to use several additional layers of barriers, each different from the one above and below, to slow invaders’ progress while alarms alert humans to take control of the defense. They may decide to lay various digital “land mines” that can scramble incoming attacks. There will be no shortage of attempts to foil infiltrators.
AI has awarded long-term job security to hackers and security experts alike.