Europol Warning Of The Growing AI Cyber Threat

Europol and the United Nations (UN) have released an alarming report detailing how cyber criminals are using malicious targeting and abuse of Artificial Intelligence (AI) technology to conduct cyber attacks. The report predicts that AI will become increasingly popular among cyber criminals who are beginning to use it it for targeting their victims and to maximise their hacking operations.

Cyber criminals are not only looking for ways to use AI tools in attacks, but also methods via which to compromise or sabotage existing AI systems, like those used in image and voice recognition and malware detection.

Compiled with help from Trend Micro, the Malicious Uses and Abuses of Artificial Intelligence Report predicts AI will in the future be used as both attack vector and attack surface. AI-supported ransomware attacks could feature clever targeting and evasion, and self-propagation at higher pace to cripple target networks in advance of they’ve experienced a prospect to respond.

The report also warned that, while deepfakes are the most talked about malicious use of AI, there are many other use cases which could be under development.

These include Machine Learning or AI systems designed to produce highly convincing and customised social engineering content at scale, or perhaps to automatically identify the high-value systems and data in a compromised network that should be exfiltrated.

AI-supported ransomware attacks often feature intelligent targeting and evasion and self-propagation at high speed to cripple victim networks before they’ve had a chance to react. By finding blind spots in detection methods,  algorithms can also highlight where attackers can hide safe from discovery. 

The report highlights multiple areas where industry and law enforcement can come together to pre-empt the risks highlighted earlier. These include the development of AI, which is being used as a crime fighting tool and new ways to build resilience into existing AI systems to mitigate the threat of sabotage. The Report says “using AI to improve and optimise the effectiveness of criminal operations can be applied to any other scam as well, such as regular email phishing...  ML, in particular, is already being applied to improve the success rates of any corporate endeavor from sales to marketing. 

As an example, the report visualises, a  phishing operation targeted at banks that adds a small tag on emails or embedded phishing links. When the potential victim receives the email, the scammer would know whether the receiver has seen it and if the link has been clicked on. The scammer would also learn whether any personal information has been entered on the phishing page, along with the quality of that information.

By correlating all this data, the scammer can form a clear  picture of what kind of emails are more successful for each bank.  ​Using these method, criminals would learn which email databases are more likely to elicit good success rates versus those databases that have been reused repeatedly and would no longer produce good results for the hackers.

Eurpol:      Trend Micro:     Oodaloop:         Infosecurity Magazine:

You Might Also Read:

Criminal Use Of  Artificial Intelligence:

 

« Practice Makes Protected – CYRIN’s Tools Packages
Business Cyber Security Spending In 2021 »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

HackerOne

HackerOne

HackerOne was started by hackers and security leaders who are driven by a passion to make the internet safer.

ControlCase

ControlCase

ControlCase provide solutions that address all aspects of IT-GRCM (Governance, Risk Management and Compliance Management).

Komodo Consulting (KomodoSec)

Komodo Consulting (KomodoSec)

Komodo Consulting specializes in Penetration Testing and Red-Team Excercises, Cyber Threat Intelligence, Incident Response and Application Security.

mPrest

mPrest

mPrest is a global provider of mission-critical monitoring and control solutions for the defense, security, utility and Industrial Internet of Things (IoT) sectors.

Infosec Train

Infosec Train

Infosec Train provide professional training, certifications & professional services related to all spheres of Information Technology and Cyber Security.

Tier One Technology Partners

Tier One Technology Partners

Tier One Technology Partners is an IT managed services provider that focuses on cybersecurity, cloud services, IT consulting, and infrastructure.

Kainos

Kainos

Kainos is a leading provider of Digital Services and Platforms. Our services include Digital Transformation, Cyber Security, Cloud, AI, IoT and more.

Aligned Technology Solutions (ATS)

Aligned Technology Solutions (ATS)

ATS manage, monitor, and maintain everything from your network and servers to your workstations and mobile devices, and we do it proactively to eliminate downtime and keep hackers at bay.

StateRAMP

StateRAMP

StateRAMP reduces risk from unsecure cloud solutions and protects data by providing State and local governments a standardized approach for verifying and monitoring security postures.

F1 Security

F1 Security

F1 Security provides a family of web security solutions including web application firewalls, web shell detection solutions, and web shell scanners.

Guernsey

Guernsey

Guernsey provides a wide range of engineering, architecture and consulting services to multiple markets, including cybersecurity consulting and CMMC certification.

Fenix24

Fenix24

Fenix24 is an industry leader in the incident-response space. We ensure the fastest response, leading to the full restoration of critical infrastructure, data, and systems.

Atlantic Data Security

Atlantic Data Security

Atlantic Data Security is skilled in the analysis, recommendation, deployment, and management of all critical components of the security infrastructure.

Cerby

Cerby

Your team uses unmanageable applications that put you, your company, and your data at risk. Protect, secure, and accelerate your business automatically with Cerby.

Lineaje

Lineaje

Lineaje solves critical Software Supply Chain security problems faced by every organization that builds, uses or sells software.

Entitle

Entitle

Entitle's SaaS-based platform automates how permissions are managed, enabling organizations to eliminate bottlenecks and implement robust cloud least privilege access.