A Double-Edged Sword in Cybersecurity
In recent years, the landscape of cybersecurity has undergone significant transformation, particularly with the adoption of artificial intelligence (AI) and automation by both defenders and attackers. The ReliaQuest Annual Cyber-Threat Report: 2024 highlights an alarming trend: threat actors are increasingly leveraging AI and automation to enhance the efficiency and effectiveness of their attacks. This includes the development of malicious versions of AI models such as ChatGPT, which are being used to generate malware, conduct denial-of-service (DoS) attacks, and even write HTML code for phishing pages.
The implications of these developments are profound. By using AI, threat actors can automate various stages of their attack chains, such as exploiting vulnerabilities like Citrix Bleed (CVE-2023-4966), thereby increasing the speed and scale of attacks. For instance, AI-driven models named WormGPT and FraudGPT have been developed that can automate tasks that previously required significant human effort and technical knowledge.
Rising Extortion and Sophisticated Attacks
The report also sheds light on the sharp rise in extortion activities, with a record number of entities named on extortion data-leak websites. The use of “double extortion” tactics, where attackers not only encrypt an organization’s data but also threaten to release it publicly if the ransom is not paid, continues to rise. Notably, the LockBit ransomware group has set a new record by naming over a thousand entities within a year.
Furthermore, the proliferation of AI tools among cybercriminals is enhancing their capability to carry out sophisticated social engineering attacks. Phishing remains a dominant method for gaining initial access to networks, with advancements in AI enabling the creation of more convincing phishing lures and scenarios.
The ReliaQuest report explains, “GenAI also has the potential to automate spearphishing tactics used in BEC. Machine-learning algorithms can analyze vast amounts of personal information available online, to create personalized profiles of victims. By ‘learning’ a target’s preferences, relationships, and activities, AI systems can craft highly deceptive emails.”
Proactive Defense Strategies
In response to these evolving threats, organizations are urged to integrate AI and machine learning into their cybersecurity strategies for a more proactive defense. By leveraging AI, organizations can enhance their detection capabilities, automate responses to security incidents, and conduct more comprehensive behavioral analytics to identify suspicious activities early.
To effectively counter the threats discussed in the report, ReliaQuest advises security defenders to adopt a multi-layered defense strategy. This includes strengthening email security, implementing robust removable-media policies, and securing public-facing assets through rigorous testing and patching. Additionally, adopting advanced detection and response technologies that can identify and mitigate AI-powered attacks is crucial.
The Dual Use of AI in Cybersecurity
The dual use of AI in cybersecurity presents both opportunities and challenges.
While AI can significantly enhance an organization’s ability to defend against attacks, it also enables attackers to execute more sophisticated and automated attacks. The ongoing arms race between cyber defenders and attackers underscores the need for continuous innovation in cybersecurity strategies and the adoption of advanced technologies to keep pace with the evolving threat landscape.
By staying informed about AI-driven cyber threats and proactively integrating AI into cybersecurity practices, organizations can better prepare themselves to face these emerging challenges. The key to success lies in leveraging AI not just for defense, but also for gaining a deeper understanding of threat actors’ tactics, techniques, and procedures, thereby enabling a more informed and effective response to cyber threats.