Nation State Hackers Deploy AI

Uploaded on 2024-02-29 in FREE TO VIEW

Cyber security is undergoing a massive transformation with Artificial intelligence (AI) is at the forefront of this change, posing both a threat and an opportunity.  AI has the potential to empower organisations to defeat cyberattacks at machine speed and drive innovation and efficiency in threat detection, hunting, and incident response.

However, adversaries can use AI as part of their exploits. It’s never been more critical for us to design, deploy, and use AI securely.

Now, Microsoft says it has detected threats from foreign countries that used or attempted to exploit generative AI it had developed. State-backed hackers from Russia, China, and Iran have been using tools from Microsoft-backed OpenAI to improve their skills, according to a recent Microsoft Report.

While computer users of all stripes have been experimenting with large language models to help with programming tasks, translate phishing emails and assemble attack plans, the new report is the first to associate top-tier government hacking teams with specific uses of the Large Language Model training technology used to create Generative AI. .

It’s also the first report on countermeasures and comes amid a continuing debate about the risks of the rapidly developing technology and efforts by many countries to put some limits on its use.

US adversaries, chiefly Iran and N. Korea, and to a lesser extent Russia and China, are beginning to use Generative Artificial Intelligence to mount or organise offensive cyber operations, Microsoft has recently said.

Microsoft said it detected and disrupted, in collaboration with business partner OpenAI, many threats that used or attempted to exploit AI technology they had developed.

In a blogpost the company said the techniques were “early-stage” and neither “particularly novel or unique” but that it was important to expose them publicly as US rivals leveraging large-language models to expand their ability to breach networks and conduct influence operations.

Cyber security firms have long used machine-learning on defence, principally to detect anomalous behaviour in networks. But criminals and offensive hackers use it as well, and the introduction of large-language models led by OpenAI’s ChatGPT upped that game of cat-and-mouse.

Microsoft has invested billions of dollars in OpenAI, and it’s announcement coincided with its release of a report noting that generative AI is expected to enhance malicious social engineering, leading to more sophisticated deepfakes and voice cloning.

This is a threat to democracy in a year where over 50 countries will conduct elections, magnifying disinformation and already occurring.

Microsoft has provided some examples. In each case it said all generative AI accounts and assets of the named groups were disabled.

  • The North Korean cyber-espionage group known as Kimsuky has used the models to research foreign thinktanks that study the country, and to generate content likely to be used in spear-phishing hacking campaigns.
  • Iran’s Revolutionary Guard has used large-language models to assist in social engineering, in trouble-shooting software errors and even in studying how intruders might evade detection in a compromised network.

That includes generating phishing emails “including one pretending to come from an international development agency and another attempting to lure prominent feminists to an attacker-built website on feminism”. The AI helps accelerate and boost the email production.

  • The Russian GRU military intelligence unit known as Fancy Bear has used the models to research satellite and radar technologies that may relate to the war in Ukraine.
  • The Chinese cyber-espionage group known as Aquatic Panda – which targets a broad range of industries, higher education and governments from France to Malaysia – has interacted with the models “in ways that suggest a limited exploration of how LLMs can augment their technical operations”.

The Chinese group Maverick Panda, which has targeted US defence contractors amongst other sectors for more than a decade, had interactions with large-language models suggesting it was evaluating their effectiveness as a source of information “on potentially sensitive topics, high profile individuals, regional geopolitics, US influence, and internal affairs”.

In another blog OpenAI said its current GPT-4 model chatbot offers “only limited, incremental capabilities for malicious cybersecurity tasks beyond what is already achievable with publicly available, non-AI powered tools”.

Cyber Security Researchers Expect This To Change

Last April, the director of the US Cybersecurity and Infrastructure Security Agency, Jen Easterly, told Congress that “there are two epoch-defining threats and challenges. One is China, and the other is artificial intelligence.” Easterly said at the time that the US needed to ensure AI is built with security in mind.

Critics of the public release of ChatGPT in November 2022  argue it was irresponsibly hasty, considering security was largely an afterthought in their development. “Of course bad actors are using large-language models – that decision was made when Pandora’s Box was opened,” said Amit Yoran, chief executive of the cyber security firm Tenable.

Some cybersecurity professionals complain about Microsoft’s creation and marketing of tools to address vulnerabilities in large-language models when it might more responsibly focus on making them more secure.

Former AT&T chief security officer Edward Amoroso has observed that while the use of AI and large-language models may not pose an immediately obvious threat, they “will eventually become one of the most powerful weapons in every nation-state military’s offense”.

The Guardian   |   Microsoft     |   Open AI    |   Reuters     |   Washington Post   |  Microsoft     |    Microsoft

Image: Unsplash 

You Might Also Read: 

The Data Privacy Risks Of Generative AI:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

« US Navy Will Use Data Analytics For Maritime Security
Data Breach - Bank of America Warns Clients & Customers »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Digital Forensics Inc (DFI)

Digital Forensics Inc (DFI)

Digital Forensics Inc. is a nationally recognized High Technology Forensic Investigations and Information System Security firm

World Privacy Forum (WPF)

World Privacy Forum (WPF)

The World Privacy Forum is a non-profit public interest research group that focuses on privacy and technology issues.

ProfitBricks

ProfitBricks

ProfitBricks is a secure cloud computing infrastructure-as-a-service (IaaS) solution.

tietoEVRY

tietoEVRY

TietoEVRY creates digital advantage for businesses and society. We are a leading digital services and software company with local presence and global capabilities.

Subex

Subex

Subex leverages its award-winning telecom analytics solutions in areas such as Revenue Assurance, Fraud Management, Asset Assurance and Partner Management, and IoT Security.

Resilience First

Resilience First

Resilience First is a not-for-profit organisation, led and funded by business to strengthen collective business resilience in all areas, including cyber security.

adaware

adaware

adaware is an award-winning security and privacy software provider, empowering users to connect with confidence.

Slovenska Akreditacija (SA)

Slovenska Akreditacija (SA)

Slovenska Akreditacija is the national accreditation body for Slovenia. The directory of members provides details of organisations offering certification services for ISO 27001.

PrivacySavvy

PrivacySavvy

PrivacySavvy's mission is to provide you with all the information that you need to ensure that your internet privacy is intact, your devices are secure, and that any time you step online, you’re safe.

MillenniumIT ESP (MIT ESP)

MillenniumIT ESP (MIT ESP)

MillenniumIT ESP provides solutions and services around Core Infrastructure, Cloud, Cyber Security, Enterprise Applications, Intelligent Automation and Data, Smart Buildings, and Managed Services.

Identity Management Institute (IMI)

Identity Management Institute (IMI)

Identity Management Institute (IMI) provides professional training and certification in cyber security with a focus on identity and access management, identity theft, and data protection.

Fortify 24/7

Fortify 24/7

Fortify 24×7 provides a robust portfolio of managed cybersecurity solutions to help you identify and prevent attacks.

Praxis Security Labs

Praxis Security Labs

Praxis Security Labs is a research driven cybersecurity company that helps our customers to reduce risk and improve security.

Heyhack

Heyhack

Heyhack is a SOC 2 Type II certified automated penetration testing platform for web apps and APIs.

CovertSwarm

CovertSwarm

Since 2020 CovertSwarm have been radically redefining how enterprise security risks are discovered. We outpace the cyber threats faced by our clients using a constant cyber attack methodology.

ViroSafe

ViroSafe

ViroSafe is a leading value-added distributor of IT security solutions in Norway.