BENGALURU: Both hackers and cyber security professionals continue to improve on the use of artificial intelligence (AI) and machine learning (ML). In a blog post on predictions and trends in the cybersecurity industry for 2024, security intelligence solutions provider Securonix says 2023 was the year that AI exploded on the public stage with the growth of large language models (LLMs) such as ChatGPT.
This trend will extend into 2024, as attacks will become more sophisticated as threat actors continue to use AI tools. Year 2024 will likely witness an increase in AI-assisted and AI-driven attacks successfully bypassing security controls such as multi-factor authentication (MFA), zero trust, and other fundamental security technologies and defences.
Security professionals will have to adapt to these attacks through the development of their own AI-based tools to create effective defences. Stressing on generative AI and deep fakes, Securonix says they have been proven to be effective in improving phishing and other social engineering attacks that bypass security protocols to access sensitive information -- 47% of Indians have been, or know people who are, victims of AI voice cloning attacks.
With both India and the US entering a major election year, deep fakes are likely to continue being prominent in cybersecurity and misinformation campaigns. Sophos, another cyber security firm, recently released two reports about the use of AI by cyber criminals.
In ‘The Dark Side of AI: Large-Scale Scam Campaigns Made Possible by Generative AI’, it demonstrates how, in the future, scammers could leverage technologies such as ChatGPT to conduct fraud on a massive scale with minimal technical skills.
However, in another report titled ‘Cybercriminals Can’t Agree on GPTs’, it says that some cybercriminals are skeptical about using AI for their attacks. “While there’s been significant concern about the abuse of AI and LLMs by cybercriminals since the release of ChatGPT, our research has found that, so far, threat actors are more skeptical than enthused. Across two of the four forums on the dark web we examined, we only found 100 posts on AI. Compare that to cryptocurrency where we found 1,000 posts for the same period,” says Christopher Budd, director, X-Ops research, Sophos.