Europol Warning Of The Growing AI Cyber Threat

Uploaded on 2020-12-16 in TECHNOLOGY--Developments, TECHNOLOGY-Key Areas-Artificial Intelligence, NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

Europol and the United Nations (UN) have released an alarming report detailing how cyber criminals are using malicious targeting and abuse of Artificial Intelligence (AI) technology to conduct cyber attacks. The report predicts that AI will become increasingly popular among cyber criminals who are beginning to use it it for targeting their victims and to maximise their hacking operations.

Cyber criminals are not only looking for ways to use AI tools in attacks, but also methods via which to compromise or sabotage existing AI systems, like those used in image and voice recognition and malware detection.

Compiled with help from Trend Micro, the Malicious Uses and Abuses of Artificial Intelligence Report predicts AI will in the future be used as both attack vector and attack surface. AI-supported ransomware attacks could feature clever targeting and evasion, and self-propagation at higher pace to cripple target networks in advance of they’ve experienced a prospect to respond.

The report also warned that, while deepfakes are the most talked about malicious use of AI, there are many other use cases which could be under development.

These include Machine Learning or AI systems designed to produce highly convincing and customised social engineering content at scale, or perhaps to automatically identify the high-value systems and data in a compromised network that should be exfiltrated.

AI-supported ransomware attacks often feature intelligent targeting and evasion and self-propagation at high speed to cripple victim networks before they’ve had a chance to react. By finding blind spots in detection methods,  algorithms can also highlight where attackers can hide safe from discovery. 

The report highlights multiple areas where industry and law enforcement can come together to pre-empt the risks highlighted earlier. These include the development of AI, which is being used as a crime fighting tool and new ways to build resilience into existing AI systems to mitigate the threat of sabotage. The Report says “using AI to improve and optimise the effectiveness of criminal operations can be applied to any other scam as well, such as regular email phishing...  ML, in particular, is already being applied to improve the success rates of any corporate endeavor from sales to marketing. 

As an example, the report visualises, a  phishing operation targeted at banks that adds a small tag on emails or embedded phishing links. When the potential victim receives the email, the scammer would know whether the receiver has seen it and if the link has been clicked on. The scammer would also learn whether any personal information has been entered on the phishing page, along with the quality of that information.

By correlating all this data, the scammer can form a clear  picture of what kind of emails are more successful for each bank.  ​Using these method, criminals would learn which email databases are more likely to elicit good success rates versus those databases that have been reused repeatedly and would no longer produce good results for the hackers.

Eurpol:      Trend Micro:     Oodaloop:         Infosecurity Magazine:

You Might Also Read:

Criminal Use Of  Artificial Intelligence:

 

« Practice Makes Protected – CYRIN’s Tools Packages
Business Cyber Security Spending In 2021 »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Paessler

Paessler

Paessler is a leading worldwide provider of network monitoring software.

ForgeRock

ForgeRock

ForgeRock, the leader in digital identity, delivers comprehensive Identity and Access Management solutions for consumers, employees and things to simply and safely access the connected world.

VTT Technical Research Centre of Finland

VTT Technical Research Centre of Finland

VTT is the leading research and technology company in the Nordic countries. Areas of activity include cyber security.

CUIng.org

CUIng.org

The CUIng initiative was launched to tackle the problem of criminal exploitation of information hiding techniques.

EverC

EverC

EverC (formerly EverCompliant) is a leading provider of cyber intelligence that allows acquiring banks and payment service providers (PSP) to manage cyber risk.

Norton

Norton

NortonLifeLock is dedicated to helping secure the devices, identities, online privacy, and home and family needs of approximately 50 million consumers.

Qufaro

Qufaro

Qufaro is a new initiative designed to make it simpler for those with career ambitions in cyber security to access the UK’s cyber-specific education and innovation opportunities.

WiJungle

WiJungle

WiJungle is an Indian Cyber Security Company that develops and markets a unified network security gateway solution.

Zymbit

Zymbit

Zymbit provides hardware security modules (HSM) for IoT devices, including Raspberry Pi and other single board computers.

Intrinsyc Technologies

Intrinsyc Technologies

Intrinsyc provides product development services and Edge Computing modules that are helping to take the Internet of Things products to the next level.

Black Hills Information Security (BHIS)

Black Hills Information Security (BHIS)

Black Hills Information Security provide security testing and vulnerability assessment services.

Cyber Bytes Foundation

Cyber Bytes Foundation

Cyber Bytes Foundation exists to establish and sustain a unique Cyber Ecosystem to accelerate the development of a strong Cyber workforce and support community outreach programs.

Open Source Security Foundation (OpenSSF)

Open Source Security Foundation (OpenSSF)

OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all.

ArmorX AI

ArmorX AI

ArmorX AI (formerly Kapalya) operates an encryption management platform designed to encrypt all data in transit and at rest on mobile end-points, corporate servers, and cloud servers.

Cyber Castellum

Cyber Castellum

Cyber Castellum is a cybersecurity consulting firm that specializes in the identification of security vulnerabilities in an organization’s technology landscape.

CyberHive

CyberHive

CyberHive offer a complete suite of threat protection modules that seamlessly integrate to block current, as well as future threats.