Artificial Intelligence is making life easier for cyber criminals

Indelible Data offers a range of packages for Cyber Essentials certification.

Attackers are constantly adapting to new technologies so, as we go into 2024, it is important to be aware of new as well as existing cyber security threats that you could be targeted by, writes Cyber Security Technologist Tyson McGuirk.

Artificial Intelligence has been the centrepiece of a large amount of media attention, especially in the last year. Inevitably, this has also affected the cyber security world. The NCSC even released guidance specifically for AI related threats.

Until recently, a sophisticated phishing email would be rare as most could easily be identified due to poor grammar. Attackers tend not to send such emails to the country in which they reside in fear of getting caught and it is unlikely a foreign country would prosecute them.

However, with the advent of AI, this has changed. Now any attacker can simply ask AI to write the email for them, which it is able to do in very sophisticated and convincing ways. This makes it much easier to fool users into divulging information.

Unfortunately, this isn’t where the issues with AI end. AI learning models can be fed information to imitate voices, this is especially dangerous for people like CEO’s where there may be lots of recordings and information about them freely available from the internet. As this technology has only recently reached the public eye, most people may not even be aware of its existence, or its sophistication, so may be more easily caught out by these kinds of scams.

AI has removed barriers for criminals as they require less skill to initiate attacks, so more people are likely to attempt to do this. Its use as a learning tool means that it is much easier to learn very basic hacking skills, so the number of low-level attacks may increase.

Moving away from AI, there are still many other threats given the changing scene of the IT world. The general shift towards the cloud means that there is an increased attack surface for attackers that would not have been there with traditional on-premise networks.

The responsibility in the cloud is also then split between the company and the cloud service provider. Companies are reliant on their cloud service provider’s security as well as their own, and companies often have multiple cloud service providers. If a cloud service suffers a data breach, this could potentially put many companies at risk. This is why it is vital that passwords are not re-used between accounts, and Multi Factor Authentication is always enabled where possible, to minimise risk if a company is breached.

Malware continues to be one of the most common threats in cyber security – 96% of all malware is installed via a phishing attack. This is why it is vital to be questioning of any email that is either unexpected or is asking you to click on any links or open attachments.

Overall, the advent of AI has led to the cyber security field being somewhat of a malleable landscape. Technology is constantly evolving and we’re still very much in the infancy of AI in both its application to cyber security and the sophistication of AI itself.