Criminals Are Using AI For Attacks

Artificial intelligence (AI) is rapidly finding applications in nearly every walk of life. Self-driving cars, social media networks, cybersecurity companies and everything in between uses it.
 
Now, a new report published by the SHERPA consortium, an EU project, studying the impact of AI on ethics and human rights finds that while human attackers have access to machine learning techniques, they currently focus most of their efforts on manipulating existing AI systems for malicious purposes. 
 
The study’s primary focus is on how malicious actors can abuse AI, machine learning, and smart information systems. The researchers identify a variety of potentially malicious uses for AI that are well within reach of today’s attackers, including the creation of sophisticated disinformation campaigns. While the research found no definitive proof that malicious actors are currently using AI to power cyberattacks, they highlight that adversaries are already attacking and manipulating existing AI systems used by search engines, social media companies, recommendation websites, and more. 
 
Andy Patel, a researcher with the cybersercuity leaders F-Secure’s Artificial Intelligence Center of Excellence, thinks many people would find this surprising. Popular portrayals of AI insinuate it will turn against us and start attacking people on its own. But the current reality is that humans are attacking AI systems on a regular basis.
 
As reported by HelpNetSecurity Patel says “Some humans incorrectly equate machine intelligence with human intelligence, and I think that’s why they associate the threat of AI with killer robots and out of control computers.... But human attacks against AI actually happen all the time. Sybil attacks designed to poison the AI systems people use every day, like recommendation systems, are a common occurrence. There’s even companies selling services to support this behavior. So ironically, today’s AI systems have more to fear from humans than the other way around.” 
 
Sybil attacks involve a single entity creating and controlling multiple fake accounts in order to manipulate the data that AI uses to make decisions. 
 
A popular example of this attack is manipulating search engine rankings or recommendation systems to promote or demote certain pieces of content. However, these attacks can also be used to socially engineer individuals in targeted attack scenarios. “These types of attacks are already extremely difficult for online service providers to detect and it’s likely that this behavior is far more widespread than anyone fully understands,” says Patel. 
 
But perhaps AI’s most useful application for attackers in the future will be helping them create fake content. The report notes that AI has advanced to a point where it can fabricate extremely realistic written, audio, and visual content. Some AI models have even been withheld from the public to prevent them from being abused by attackers.
“At the moment, our ability to create convincing fake content is far more sophisticated and advanced than our ability to detect it. And AI is helping us get better at fabricating audio, video, and images, which will only make disinformation and fake content more sophisticated and harder to detect,” says Patel. 
 
Additional Topics addressed in the SHERPA Report Include:
 
• Adversaries will continue to learn how to compromise AI systems as the technology spreads
• The number of ways attackers can manipulate the output of AI makes such attacks difficult to detect and harden against
• Powers competing to develop better types of AI for offensive/defensive purposes may end up precipitating an “AI arms race”
• Securing AI systems against attacks may cause ethical issues (for example, increased monitoring of activity may infringe on user privacy)
• AI tools and models developed by advanced, well-resourced threat actors will eventually proliferate and become adopted by lower-skilled adversaries. 
 
HelpNetSecurity:           Project Sherpa:        EU Commission
 
You Might Also Read:
 
Fraud And The Dark Side Of AI:
 
Using The Right Technology Saves Downtime From Cyber Attacks:
 
 
 
 
« Wanted: International Cyber Standards
Cyber Attacks On Africa Are Soaring »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Okta

Okta

Okta is an enterprise-grade identity management service, built from the ground up in the cloud to address the challenges of a cloud-mobile-interconnected world.

ControlScan

ControlScan

ControlScan is a Managed Security Services Provider (MSSP) - our primary focus is protecting your business and securing your sensitive data.

Watchcom Security Group

Watchcom Security Group

Watchcom is one of Norway's foremost suppliers of information security consultancy services.

HvS Consulting

HvS Consulting

HvS Consulting is a specialist information security company offering a full range of services including IT security architecture, ISO 27001 audits, Pentesting, Security monitoring and Training.

Silensec

Silensec

Silensec is a management consulting, technology services and training company specialized in information security.

ThreadStone Cyber Security

ThreadStone Cyber Security

ThreadStone Cyber Security offer reliable, practical and affordable cyber security solutions for both large and smaller organizations that we develop and deliver ourselves from Europe.

Luxembourg Office of Accreditation & Surveillance (OLAS)

Luxembourg Office of Accreditation & Surveillance (OLAS)

OLAS is the national accreditation body for Luxembourg. The directory of members provides details of organisations offering certification services for ISO 27001.

Practical Assurance

Practical Assurance

Practical Assurance helps companies navigate the rough terrain of information security compliance.

Nardello & Co

Nardello & Co

Nardello & Co. is a global investigations firm with experienced professionals handling a broad range of issues including Digital Investigations & Cybersecurity.

QA Consultants

QA Consultants

QA Consultants is North America’s largest software quality engineering services firm, an award-winning onshore provider of software testing and quality assurance solutions.

Q5id

Q5id

At Q5id, we prove that your customers' digital identity and real-world identity are the same, our verification and authentication solution delivers a Proven and Secure digital identity for everyone.

Modern Networks

Modern Networks

Modern Networks is a leading provider of IT managed services to the UK’s commercial property sector and medium sized enterprises.

Blockfence

Blockfence

Blockfence are a seasoned crew versed in enterprise-grade cybersecurity and crypto, on a mission to collaboratively shape the future of Web3 security.

BuddoBot

BuddoBot

BuddoBot has been a pioneering force in cybersecurity and information technology since 2008.

YSecurity

YSecurity

At YSecurity, we simplify compliance, prevent breaches, and help startups scale with confidence. Focus on growth—we’ll handle the security.

Datacom

Datacom

Datacom design, build and run IT systems and processes across operations, cybersecurity, cloud, digital platforms, payroll and enterprise applications.