Cybercriminals embracing AI

May 2024 Information Security, Security Services & Risk Management

Across the globe, organisations of all sizes are exploring how artificial intelligence (AI) and generative AI, in particular, can benefit their businesses. While they are still trying to figure out how best to use AI, cybercriminals have fully embraced it.

Whether they are creating AI-enhanced malware (that enables them to steal sensitive data more efficiently, while evading anti-virus software) or using generative AI tools to roll out more sophisticated phishing campaigns at scale, the technology looks set to have a massive impact on cybercrime. As an example of how significant AI’s impact has already been, SlashNext’s State of Phishing Report 2023 puts the 1 265% increase in phishing emails largely down to targeted business email compromises using AI tools.

For businesses, this increase in cybercrime activity comes with significant risks. Those risks do not just include the compromising of customer data either. Cyberattacks also come with reputational and financial risks and even legal liabilities. Therefore, organisations must do everything in their power to ready themselves for the onslaught of cybercriminals using AI tools. That includes ensuring that their own AI use is safe and responsible.

Massively enhanced innovation, automation, and scalability

Before examining how organisations can do so, it is worth discussing what cybercriminals get from AI tools. For the most part, it is the same thing as legitimate businesses and other entities are trying to get out of it: significantly enhanced innovation, automation, and scalability.

When it comes to innovation and automation, cybercriminals have built several kinds of AI-enhanced automated hacking tools. These tools allow them to, amongst other things, scan for system vulnerabilities, launch automated attacks, and exploit weaknesses without innovation. Automation can, however, also be applied to social engineering attacks. Whilst a human-written phishing email is more likely to be opened, an AI-written version takes a fraction of the time to put together.

All of that adds up to a situation where cybercriminals can launch many more attacks more frequently. That means more successful breaches, with more chances to sell stolen data or extort businesses for money in exchange for the return of that data.

Those increased breaches come at a cost. According to IBM’s 2023 Cost of a Data Breach Report, the average breach cost in South Africa is now ZAR 49,45 million. However, that does not take into account reputational damage and lost consumer trust. Those costs also do not account for the legal trouble an organisation can find itself in if it has not properly safeguarded its customers’ data and violated relevant data protection legislation or regulations such as the Protection of PersonaI Information Act or the GDPR.

Education, upskilling, and up-to-date policies

It is clear then that cybercriminals' widespread adoption of AI tools has significant implications for entities of all sizes. What should organisations do in the face of this mounting threat?

A good start is for businesses to ensure that they are using cybersecurity tools capable of defending against AI-enhanced attacks. As any good cybersecurity expert will tell you, however, these tools can only take you so far.

For organisations to give themselves the best possible chance of defending themselves against cyberattacks, they must also invest heavily in education. That does not just mean ensuring that employees know about the latest threats but also inculcating good organisational digital safety habits. This would include enabling multi-factor authentication on devices and encouraging people to change passwords regularly.

It is also essential that businesses keep their policies up to date. This is especially important in the AI arena. There is a very good chance, for example, that employees in many organisations are logging in to tools like ChatGPT using their personal email addresses and using such tools for work purposes. If their email is then compromised in an attack, sensitive organisational data could find itself in dangerous hands.

Make changes now

Ultimately, organisations must recognise that AI is not a looming cybersecurity threat, but an active one. As such, they must start putting everything they can in place to defend against it. That means putting the right tools, education, and policies in place. Failure to do so comes with risks that no business should ever consider acceptable.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

New ransomware using BitLocker to encrypt data
Technews Publishing Information Security Residential Estate (Industry)
Kaspersky has identified ransomware attacks using Microsoft’s BitLocker to attempt encryption of corporate files. It can detect specific Windows versions and enable BitLocker according to those versions.

Using KPIs to measure smart city progress
Axis Communications SA Residential Estate (Industry) Integrated Solutions Security Services & Risk Management
United 4 Smart Sustainable Cities is a United Nations Initiative that encourages the use of information and communication technology (including security technology) to support a smooth transition to smart cities.

Enhancing estate security, the five-layer approach
Fang Fences & Guards Residential Estate (Industry) Integrated Solutions Security Services & Risk Management
Residential estates are designed to provide a serene and secure living environment enclosed within gated communities, offering residents peace of mind and an elevated standard of living.

Create order from chaos
Information Security
The task of managing and interpreting vast amounts of data is akin to finding a needle in a haystack. Cyberthreats are growing in complexity and frequency, demanding sophisticated solutions that not only detect, but also prevent, malicious activities effectively.

Trend Micro launches first security solutions for consumer AI PCs
Information Security News & Events
Trend Micro unveiled its first consumer security solutions tailored to safeguard against emerging threats in the era of AI PCs. Trend will bring these advanced capabilities to consumers in late 2024.

Kaspersky finds 24 vulnerabilities in biometric access systems
Technews Publishing Information Security
Customers urged to update firmware. Kaspersky has identified numerous flaws in the hybrid biometric terminal produced by international manufacturer ZKTeco, allowing a nefarious actor to bypass the verification process and gain unauthorised access.

Responsible AI boosts software security
Information Security
While the prevalence of high-severity security flaws in applications has dropped slightly in recent years, the risks posed by software vulnerabilities remain high, and remediating these vulnerabilities could hinder new application development.

AI and ransomware: cutting through the hype
AI & Data Analytics Information Security
It might be the great paradox of 2024: artificial intelligence (AI). Everyone is bored of hearing it, but we cannot stop talking about it. It is not going away, so we had better get used to it.

Local manufacturing is still on the rise
Hissco Editor's Choice News & Events Security Services & Risk Management
HISSCO International, Africa's largest manufacturer of security X-ray products, has recently secured a multi-continental contract to supply over 55 baggage X-ray screening systems in 10 countries.

NEC XON shares lessons learned from ransomware attacks
NEC XON Editor's Choice Information Security
NEC XON has handled many ransomware attacks. We've distilled key insights and listed them in this article to better equip companies and individuals for scenarios like this, which many will say are an inevitable reality in today’s environment.