What Can Be Done About Cyber Threat Actors Weaponizing AI?

Uploaded on 2024-04-29 in TECHNOLOGY-Key Areas-Artificial Intelligence, TECHNOLOGY--Resilience, FREE TO VIEW

With Generative Artificial Intelligence (GenAI) capabilities growing at an unprecedented rate, it is highly likely that this technology will be leveraged by more sophisticated malicious cyber operators, at both the nation state and cybercriminal level, to compromise the security and integrity of target systems.

Cyber threat actors have numerous GenAI tools at their disposal, ranging from deepfake videos and voice cloning to AI-generated SMS messages that can be compiled to implement a variety of cyber-attack vectors.

These include scaled social engineering and phishing campaigns, as well as enhanced distributed denial-of-service (DDoS) attacks to manipulate voters and disrupt the operation of election-themed websites. 

GenAI is an attractive option for politically driven and nation state-sponsored threat actors due to scalability, reduced cost, speed of implementation and the ability to deploy advanced malware payloads against electoral systems that can evade defensive measures. To defend against state-backed AI-driven threats, more specific measures will be required depending on the attack vector at the disposal of the threat actor.

To defend against AI-based phishing and social engineering operations, it will be critical for government bodies and businesses to:

  • Establish robust authentication protocols, such as Multifactor Authentication (MFA).
  • Create email authentication protocols, such as Domain-based Message Authentication.
  • Limit social media attack surfaces by applying strong privacy policies and removing personally identifiable information (PII) from profiles.
  • Transition to zero-trust security principles to prevent unauthorized users accessing sensitive data and services.

Transparent and effective policies should be implemented to strike a balance between responsibility whilst simultaneously cultivating innovation within the global technology sector.

With emerging technologies, such as AI, there is a tendency to either let them run until problems emerge and then rely on reactive measures. This is not ideal as regulations are often too severe. Being open about self-regulation of AI technologies would represent an opportunity to strike the balance between restricting access to ensure safety but not hampering innovation. A minimal regulation approach should be adopted to allow for AI technologies to develop safety whilst ensuring the safety of the wider public.

As AI continues to become more widespread throughout all walks of life, it is becoming increasingly clear that we need to seriously consider the ethical implications.

The tech community can stay grounded in human values as capabilities rapidly advance by adhering to some key principles:

  • Transparency, requiring that the decision-making process behind AI systems is open and understandable.
  • Trust and explainability, particularly regarding the implementation into critical sectors such as healthcare and finance. Users need to be assured that they can trust that AI systems are making decisions in their best interest and based on ethical principles.
  • Human values. Finally, it is crucial to ensure that these AI systems prioritise human values and well-being. With human-based AI aiming to create intelligent machines and algorithms that collaborate with humans to improve lives and society, this approach should involve designing AI that considers the impact on individuals and key aspects of society, such as privacy, security, equity, and transparency.

In addition, there’s so much we can gain with GenAI technology. Here are a few examples: 

Future Opportunities with GenAI in Cybersecurity:

  • Enhancing threat intelligence and predictive capabilities.
  • Automating security protocols for quicker response.
  • Training cybersecurity professionals using realistic AI-driven simulations.

Positive Aspects of Evolving Cybersecurity Measures:

  • AI-driven behavioral analytics for understanding user behavior and improving security user experience.
  • Automated patch management and proactive threat hunting.

Constructive Role of Tech Companies in AI Governance:

  • Contributions to open-source AI projects from across the threat intelligence space.
  • Involvement in AI education and ethical research to build the human skills we need.
  • Setting benchmarks for ethical AI usage and responsible innovation.

Balancing Innovation and Safety in AI:

  • Encouraging responsible innovation to address challenges.
  • AI ethics boards and collaborative research efforts for safe AI development - noting Microsoft's leadership in this space.

AI Enhancing Human Values and Societal Benefits:

  • AI applications personalized for organizations to understand their business uniquely.
  • Enrichment beyond security, with aligned compliance posture and exposure for real-time evaluations.

Graham Hosking is Solutions Director for Data Security & AI at Quorum Cyber

Image: Mariia Shalabaieva

You Might Also Read: 

Important Differences Between Different Types Of Artificial Intelligence:

DIRECTORY OF SUPPLIERS - AI Security & Governance:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« AWS & Google Agree To Drop Cloud Service Exit Fees
Protecting OT With MDR »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Perforce Software

Perforce Software

Perforce helps companies build complex software products more collaboratively, securely, and efficiently.

Zentek Digital Investigations

Zentek Digital Investigations

Zentek has been providing digital forensics services to the public and private sector for computers and mobile devices since 2004.

National Defense Industry Association (NDIA) - USA

National Defense Industry Association (NDIA) - USA

The National Defense Industrial Association Cyber Division contributes to US national security by promoting interaction between the cyber defense industry, government and military.

AMETIC

AMETIC

AMETIC, is the Association of Electronics, Information and Communications Technologies, Telecommunications and Digital Content Companies in Spain.

Center for Cyber Safety and Education

Center for Cyber Safety and Education

The Center for Cyber Safety and Education works to ensure that people across the globe have a positive and safe experience online through our educational programs, scholarships, and research.

Slovenian Digital Coalition

Slovenian Digital Coalition

Slovenian Digital Coalition is a coalition working in the field of smart cities, e-commerce, e-skills, e-inclusion, cyber security, internet and other areas related to developing the digital society.

CERT Tonga

CERT Tonga

CERT Tonga is the national Computer Emergency Response Team for Tonga.

European Cyber Security Conference

European Cyber Security Conference

EU Cyber Security Conference will debate what Europe’s response to evolving threats in a dynamic global risk landscape should look like and what the next steps for all actors of the ecosystem.

Keysight Technologies

Keysight Technologies

Keysight is dedicated to providing tomorrow’s test technologies today, enabling our customers to connect and secure the world with their innovations.

Eunetic

Eunetic

Eunetic IT security solutions - we secure your websites, emails, domains and data.

Hackurity.io

Hackurity.io

Hackurity.io is a high energy IT security start-up founded in 2021 out of the frustration that IT Security is highly fragmented and reactive.

Chestnut Hill Technologies (CHT)

Chestnut Hill Technologies (CHT)

CHT provide Best Practices IT Cybersecurity and Technology Solutions and Consulting Support to the Mid Cap through Fortune 1000 Nationwide.

KBE Information Security

KBE Information Security

KBE is a global consulting firm, with offices in Toronto and Milan, which specializes in the area of IT and information security with over 20 years of experience.

modePUSH

modePUSH

modePUSH is a cybersecurity company focused on end-to-end breach response from Digital Forensics to Restoration across the enterprise and cloud environments.