With the proliferation of generative AI tools like chatbots and image generators, attackers have taken to using them as weapons against others to launch sophisticated phishing attacks or spread malware—known as abuse of genAI. The Cyber security guru must rapidly adapt and innovate in order to combat emerging threats.
NIST has published a guide that defines and categorises attacks against generative AI systems, including those targeting deployment (evasion attacks) or training (poisoning attacks).
1. Deepfakes
Cyber attackers quickly utilize deepfakes as one of the most potent tools to impersonate and deceive individuals. Deepfakes utilize artificial intelligence technology to create or manipulate video and audio content so realistic that even experts are fooled. Unfortunately, bad actors have taken to harnessing this dangerous technology in order to impersonate executives, business associates, or anyone else they wish.
Knowing how deepfakes operate is critical to protecting yourself against malicious attacks and can prevent you from falling for scams or getting duped online. Common sense should always be applied when accessing online information; always double-check its source, trace its path backwards, and only trust reliable news outlets when making decisions based on them. Password managers can be useful tools for protecting online accounts by using strong passwords that are unique across them all, but be wary when downloading files or videos from unknown or suspicious sources that don’t directly apply to you personally!
As our world becomes more digital and virtual economy-dependent, attacks of this nature have increased as deepfake technology becomes more sophisticated, allowing criminals to launch attacks that could damage businesses or individuals more easily.
As one example, criminals have used deepfakes to pose as executives and request money transfers from employees through Business Email Compromise (BEC) scams, one of the most widely utilised techniques by bad actors to gain money or privileged information from businesses. Such scams typically target employees with access to company finances, making it imperative for businesses to educate their workforce members on recognising social engineering threats such as BEC.
Deepfakes pose another security risk by making it easier for fraudsters to bypass identity verification technologies, including face and voice recognition apps or biometric-based authentication for services like banking. Thankfully, organisations can take measures to mitigate deepfakes’ risks, including adopting zero-trust security approaches and mandating multi-factor authentication as a prerequisite to access network resources.
2. Data Poisoning
AI’s versatility, particularly its capacity to work with large data sets, also poses a security threat, so it is crucial to learn how to fend off cyberattacks that involve data manipulation by malicious attackers.
This type of attack works by injecting poisoned data into an AI model during either its training phase or once it is deployed. Examples may include inserting racist and gender slurs into images used for facial recognition or inserting adversarial patterns into data that cause it to misidentify certain people or locations.
Attackers may use such techniques to manipulate an AI system’s output or even deceive users, as seen with pro-Russia hacktivists using this tactic to support Russian political interests. Because any piece of data fed into an AI can alter its outcome, security leaders must take measures to safeguard all ingress and egress of data by verifying the provenance of information and adopting technologies like signing (analogous to code signing in software supply chains) to secure its ingress and egress.
As AI becomes more pervasive, attacks may increase as cybercriminals utilise it to automate aspects of their campaigns and enhance scalability, efficiency, and turnaround times. Furthermore, more companies adopting AI tools as business process optimisation solutions will open new routes of attack for cybercriminals.
AI can automatically launch phishing campaigns targeting large numbers of people simultaneously or spread false information or propaganda. 2024 will likely bring even greater challenges for security teams as this type of cyberattack becomes more commonplace.
Assure your employees of cyber security guru best practices, such as how to recognise phishing emails and not click on any suspicious links or download files from unknown sources. To effectively defend against cyber attacks like this one, companies can take certain precautions in selecting AI vendors and conduct thorough due diligence prior to hiring them. Educate employees on best cybersecurity practices as well, such as teaching them how to recognise phishing emails without clicking suspicious links or downloading files from unknown sources.
3. Phishing
Phishing is a cyber attack that uses emails or other communications channels to coax victims into providing sensitive data, clicking attachments, opening links, or downloading malware. Phishers employ techniques like fear, curiosity, urgency, and pressure tactics in their attacks on mass recipients or targeted individuals or groups. Using fear, curiosity, or urgency tactics, they often bypass technical security factors to access internal networks and steal sensitive information, which they then sell on black markets or exploit for financial gain or corporate espionage purposes.
Phishing attacks present unique challenges because they often appear as legitimate emails or communications from trusted sources, making detection challenging for human users who rely on automated tools that may produce false positives. Attackers may spoof email accounts to impersonate popular social tools and apps and software, or exploit social media accounts for personal details that make the attack seem more plausible. Automated tools prone to false positives make detecting phishing difficult.
Generative AI is a boon for bad actors as it can create near-perfect imitations of people, including their likenesses, voices, and dialect. This can lead to novel attacks, which most organisations are unprepared for; attackers could impersonate executives using both phishing tactics and AI-driven mimicry in order to trick employees into believing they’re speaking with their real bosses, possibly leading to denial-of-service attacks, ransomware installations, or the theft of confidential data.
Generative AI’s versatility extends beyond mimicry; it can also be used to attack security systems by “poisoning” them, something researchers have documented as possible approaches. Therefore, security professionals need to understand all potential vulnerabilities associated with Gen AI so as to effectively mitigate them.
4. Ransomware
Ransomware is a form of malware that encrypts files, making them inaccessible, and demands payment in exchange for decrypting them. Attackers often threaten to sell or leak any exfiltrated data or authentication information if the victim does not make a ransom payment promptly. Ransomware poses an increasing threat to state, local, tribal, and territorial (SLTT) governments and critical infrastructure organisations.
Attackers typically target organisations for ransomware attacks based on their perceived vulnerability or value; hospitals often lack adequate IT security, making them susceptible to ransomware attacks that compromise data quickly. Legal firms and other organisations with sensitive data also make easy targets since they may pay the ransom just to keep the breach quiet.
As soon as attackers gain entry to a network, they usually move laterally across systems and domains within an organisation, exfiltrating valuable information like login credentials, customer personal data, or intellectual property. Attackers may also target an organisation due to its vulnerabilities, such as outdated software or hardware reliance or vulnerabilities within its OS itself.
The DarkSide ransomware variant that attacked Colonial Pipeline in early May 2021 likely exploited a flaw in Microsoft Windows that allowed attackers to gain remote access and install malware remotely. Furthermore, its attackers are believed to be operating outside of Russia while running RaaS operations to distribute their own malware to affiliates.
Beating ransomware requires an effective IT defence, including educating employees about its dangers. Clicking unsolicited links, downloading malicious attachments, or engaging in time-consuming tasks (like opening Excel macros or PDFs) should all be avoided to safeguard your business against ransomware attacks. Disconnecting all devices from the network is also recommended; this will reduce any possible attacks on your network and can limit their scope; however, if a device becomes infected, it could still exist elsewhere so wireless connectivity should also be closed off at this point to ensure maximum protection.