Criminals Are Using AI For Attacks

Artificial intelligence (AI) is rapidly finding applications in nearly every walk of life. Self-driving cars, social media networks, cybersecurity companies and everything in between uses it.
 
Now, a new report published by the SHERPA consortium, an EU project, studying the impact of AI on ethics and human rights finds that while human attackers have access to machine learning techniques, they currently focus most of their efforts on manipulating existing AI systems for malicious purposes. 
 
The study’s primary focus is on how malicious actors can abuse AI, machine learning, and smart information systems. The researchers identify a variety of potentially malicious uses for AI that are well within reach of today’s attackers, including the creation of sophisticated disinformation campaigns. While the research found no definitive proof that malicious actors are currently using AI to power cyberattacks, they highlight that adversaries are already attacking and manipulating existing AI systems used by search engines, social media companies, recommendation websites, and more. 
 
Andy Patel, a researcher with the cybersercuity leaders F-Secure’s Artificial Intelligence Center of Excellence, thinks many people would find this surprising. Popular portrayals of AI insinuate it will turn against us and start attacking people on its own. But the current reality is that humans are attacking AI systems on a regular basis.
 
As reported by HelpNetSecurity Patel says “Some humans incorrectly equate machine intelligence with human intelligence, and I think that’s why they associate the threat of AI with killer robots and out of control computers.... But human attacks against AI actually happen all the time. Sybil attacks designed to poison the AI systems people use every day, like recommendation systems, are a common occurrence. There’s even companies selling services to support this behavior. So ironically, today’s AI systems have more to fear from humans than the other way around.” 
 
Sybil attacks involve a single entity creating and controlling multiple fake accounts in order to manipulate the data that AI uses to make decisions. 
 
A popular example of this attack is manipulating search engine rankings or recommendation systems to promote or demote certain pieces of content. However, these attacks can also be used to socially engineer individuals in targeted attack scenarios. “These types of attacks are already extremely difficult for online service providers to detect and it’s likely that this behavior is far more widespread than anyone fully understands,” says Patel. 
 
But perhaps AI’s most useful application for attackers in the future will be helping them create fake content. The report notes that AI has advanced to a point where it can fabricate extremely realistic written, audio, and visual content. Some AI models have even been withheld from the public to prevent them from being abused by attackers.
“At the moment, our ability to create convincing fake content is far more sophisticated and advanced than our ability to detect it. And AI is helping us get better at fabricating audio, video, and images, which will only make disinformation and fake content more sophisticated and harder to detect,” says Patel. 
 
Additional Topics addressed in the SHERPA Report Include:
 
• Adversaries will continue to learn how to compromise AI systems as the technology spreads
• The number of ways attackers can manipulate the output of AI makes such attacks difficult to detect and harden against
• Powers competing to develop better types of AI for offensive/defensive purposes may end up precipitating an “AI arms race”
• Securing AI systems against attacks may cause ethical issues (for example, increased monitoring of activity may infringe on user privacy)
• AI tools and models developed by advanced, well-resourced threat actors will eventually proliferate and become adopted by lower-skilled adversaries. 
 
HelpNetSecurity:           Project Sherpa:        EU Commission
 
You Might Also Read:
 
Fraud And The Dark Side Of AI:
 
Using The Right Technology Saves Downtime From Cyber Attacks:
 
 
 
 
« Wanted: International Cyber Standards
Cyber Attacks On Africa Are Soaring »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

mile2

mile2

Mile2 develop and deliver proprietary vendor neutral professional certifications for the cyber security industry.

SealPath

SealPath

SealPath enables companies to protect and control their documents wherever they are: In their PC, in their corporate network, on a partner’s network, in the cloud.

Cortado Mobile Solutions

Cortado Mobile Solutions

Cortado Mobile Solutions is the manufacturer of the mobile device management solution Cortado MDM.

PortSwigger

PortSwigger

PortSwigger's Burp Suite is an integrated platform for performing security testing of web applications.

One Identity

One Identity

One Identity delivers identity governance, access management, and privileged account management solutions that facilitate and secure your digital transformation.

TÜV Informationstechnik (TÜViT)

TÜV Informationstechnik (TÜViT)

TÜViT is a leading service provider in the IT sector offering unbiased and independent tests and certifications of IT products, hardware, software, systems and processes.

Sapien Cyber

Sapien Cyber

Sapien Cyber is an Australian company bringing leading-edge cyber security and threat intelligence solutions.

Leadcomm

Leadcomm

Leadcomm is a Brazilian company focused on the distribution and integration of IT systems and security solutions for large companies.

LinkShadow

LinkShadow

LinkShadow is a next-generation cybersecurity solution that provides unparalleled detection of even the most sophisticated threats.

Zaviant Consulting

Zaviant Consulting

Zaviant Consulting is a leading data security and privacy consulting firm assisting organizations comply with constantly evolving security frameworks and privacy regulations.

AMSYS Innovative Solutions

AMSYS Innovative Solutions

AMSYS is a full-service, 24/7/365 IT solutions, Cybersecurity & Managed Service Provider.

NetGain Technologies

NetGain Technologies

NetGain Technologies helps small to medium-sized businesses gain access to expert IT talent. We provide strategies that use technology as a driving force behind business growth.

Siometrix

Siometrix

Siometrix addresses digital identity fraud. It steals your attacker's time and prevents many prevalent attack vectors.

Nortal

Nortal

Nortal is a strategic digital transformation partner for leading companies and governments around the world.

ABPCyber

ABPCyber

ABPCyber offers holistic cybersecurity solutions spanning DevSecOps, advisory and consultancy, designing and integration, managed operations, and cybersecurity investment optimization.

Grypho5

Grypho5

Grypho5 offers managed packages to protect where threat actors strike most. We defend your infrastructure dynamically, leaving you to focus on other priorities.