AI making cyberattacks more effective

2023-08-09
关注

  •  

Hackers are becoming more successful in their cyberattacks thanks to recent advances in AI and the newfound availability of automation tools like OpenAI’s ChatGPT, says NordVPN’s chief technology officer, Marijus Briedis. In a recent statement, Briedis observed that the ability of generative AI to create realistic forms, documents and emails that mirror a company style is making it harder to detect the malicious from the real.

Tools like ChatGPT and Google's Bard allow hackers to create more personalised phishing content (Photo:  Ascannio / Shutterstock.com)
Tools like ChatGPT and Google’s Bard allow hackers to create more personalised phishing content. (Photo by Ascannio/Shutterstock.com)

Since the launch of ChatGPT by OpenAI in November last year, companies and individuals alike have looked to capitalise on the potential of general-purpose AI. Microsoft, Google and Salesforce have deployed it throughout their products and the cybersecurity industry is using it to monitor network traffic and create early warning systems.

A recent report by IBM found that AI-powered security tools were significantly reducing the cost and impact of a data breach. Big Blue found that a breach without AI cost an average of £3.4m, but one using AI would be reduced to about £1.8m.

The problem, says NordVPN’s Briedis, is that the hackers have access to the same tools and other AI models. He said the number of cyberattacks being detected had doubled since November last year – when ChatGPT launched – and they have become more sophisticated due to the use of AI.

“Hackers learned how to use AI to increase the capacity of their work and make their job easier, quicker and more effective,” Briedis said in a statement released earlier today. “The utilisation of AI tools has facilitated the automation of a significant portion of phishing attacks.” In future, concluded NordVPN’s CTO, this is likely to only escalate and increase the frequency and severity of breaches.

Risk from employees

Cybercriminals are using AI in two main ways: to create higher-quality and more personalised phishing content, and to create malware code more closely adapted to the system they are trying to break into. Additionally, the newfound ability of hackers to use large language models (LLMs) to adapt documents or write original-sounding emails with real company data in real time has made it harder for cybersecurity experts to register such materials as fakes. As such, these items are more likely to be trusted, with more users unwittingly following malicious links or downloading malware.

Another problem, however, may arise from employees freely inputting company data into systems like ChatGPT.

“As AI systems become more prevalent, there is an increased risk of mishandling or misusing sensitive data,” said Briedis. If an employee uses a public AI tool to write a report from confidential data, that data could theoretically be used to further train and fine-tune that AI model. This already seems to be happening.

Content from our partners

AI will equip the F&B industry for a resilient future

AI will equip the F&B industry for a resilient future

Insurance enterprises must harness the powers of data collaboration to achieve their commercial potential

Insurance enterprises must harness the powers of data collaboration to achieve their commercial potential

How tech teams are driving the sustainability agenda across the public sector

How tech teams are driving the sustainability agenda across the public sector

According to a report from Cyberhaven published earlier this year, 11% of data pasted into ChatGPT by employees looking to save time was confidential corporate information. In the future, this data could be theoretically accessible to anyone using AI, as it will be included in the general mix of data in its memory. Hackers could then use that future model to craft even more convincing cyberattacks.

View all newsletters Sign up to our newsletters Data, insights and analysis delivered to you By The Tech Monitor team

“Once you get a phishing email with information that is supposed to be confidential, there is a big chance that you will fall into the trap,” argued Briedis.

OpenAI and other AI labs offer an enterprise solution where they refrain from using any such input data to retrain the model. There are also a number of enterprise-friendly solutions from companies like Databricks and IBM that are trained on company data and only accessible to employees of the company. This solves the issue of confidential data from a company potentially being accessible on a public platform, but there are other ways hackers are utilising AI.

However, text, images and reports are not the only items that have been improved by AI, according to Briedis. Hackers are also using LLMs to hone the code they use to steal information for a ransomware attack or shut down systems.

In so doing, cybercriminals can adapt and personalise malware much faster, as well as automate tasks like reconnaissance for monitoring changes or attempts to remove said malware. Hackers can also use AI for scaling up attacks, using large automated botnets for brute-force attacks on corporate systems.

“With this kind of automation, hackers are seriously challenging traditional cybersecurity tools and exploiting their vulnerabilities,” Briedis said.

As such, NordVPN’s CTO recommends companies ensure employees double-check URLs, verify senders and email content before opening files or clicking links and have the most recent software updates and security software in place.

Read more: Most AI training data could be synthetic by next year

Topics in this article : AI , Cybersecurity

  •  

  • en
您觉得本篇内容如何
评分

相关产品

EN 650 & EN 650.3 观察窗

EN 650.3 version is for use with fluids containing alcohol.

Acromag 966EN 温度信号调节器

这些模块为多达6个输入通道提供了一个独立的以太网接口。多量程输入接收来自各种传感器和设备的信号。高分辨率,低噪音,A/D转换器提供高精度和可靠性。三路隔离进一步提高了系统性能。,两种以太网协议可用。选择Ethernet Modbus TCP\/IP或Ethernet\/IP。,i2o功能仅在6通道以太网Modbus TCP\/IP模块上可用。,功能

雷克兰 EN15F 其他

品牌;雷克兰 型号; EN15F 功能;防化学 名称;防化手套

Honeywell USA CSLA2EN 电流传感器

CSLA系列感应模拟电流传感器集成了SS490系列线性霍尔效应传感器集成电路。该传感元件组装在印刷电路板安装外壳中。这种住房有四种配置。正常安装是用0.375英寸4-40螺钉和方螺母(没有提供)插入外壳或6-20自攻螺钉。所述传感器、磁通收集器和壳体的组合包括所述支架组件。这些传感器是比例测量的。

TMP Pro Distribution C012EN RF 音频麦克风

C012E射频从上到下由实心黄铜制成,非常适合于要求音质的极端环境,具有非常坚固的外壳。内置的幻像电源模块具有完全的射频保护,以防止在800 Mhz-1.2 Ghz频段工作的GSM设备的干扰。极性模式:心形频率响应:50赫兹-18千赫灵敏度:-47dB+\/-3dB@1千赫

ValueTronics DLRO200-EN 毫欧表

"The DLRO200-EN ducter ohmmeter is a dlro from Megger."

评论

您需要登录才可以回复|注册

提交评论

广告

techmonitor

这家伙很懒,什么描述也没留下

关注

点击进入下一篇

How Next Gen Connectivity Solutions Power Global Mining

提取码
复制提取码
点击跳转至百度网盘