Europol Warning Of The Growing AI Cyber Threat

Europol and the United Nations (UN) have released an alarming report detailing how cyber criminals are using malicious targeting and abuse of Artificial Intelligence (AI) technology to conduct cyber attacks. The report predicts that AI will become increasingly popular among cyber criminals who are beginning to use it it for targeting their victims and to maximise their hacking operations.

Cyber criminals are not only looking for ways to use AI tools in attacks, but also methods via which to compromise or sabotage existing AI systems, like those used in image and voice recognition and malware detection.

Compiled with help from Trend Micro, the Malicious Uses and Abuses of Artificial Intelligence Report predicts AI will in the future be used as both attack vector and attack surface. AI-supported ransomware attacks could feature clever targeting and evasion, and self-propagation at higher pace to cripple target networks in advance of they’ve experienced a prospect to respond.

The report also warned that, while deepfakes are the most talked about malicious use of AI, there are many other use cases which could be under development.

These include Machine Learning or AI systems designed to produce highly convincing and customised social engineering content at scale, or perhaps to automatically identify the high-value systems and data in a compromised network that should be exfiltrated.

AI-supported ransomware attacks often feature intelligent targeting and evasion and self-propagation at high speed to cripple victim networks before they’ve had a chance to react. By finding blind spots in detection methods,  algorithms can also highlight where attackers can hide safe from discovery. 

The report highlights multiple areas where industry and law enforcement can come together to pre-empt the risks highlighted earlier. These include the development of AI, which is being used as a crime fighting tool and new ways to build resilience into existing AI systems to mitigate the threat of sabotage. The Report says “using AI to improve and optimise the effectiveness of criminal operations can be applied to any other scam as well, such as regular email phishing...  ML, in particular, is already being applied to improve the success rates of any corporate endeavor from sales to marketing. 

As an example, the report visualises, a  phishing operation targeted at banks that adds a small tag on emails or embedded phishing links. When the potential victim receives the email, the scammer would know whether the receiver has seen it and if the link has been clicked on. The scammer would also learn whether any personal information has been entered on the phishing page, along with the quality of that information.

By correlating all this data, the scammer can form a clear  picture of what kind of emails are more successful for each bank.  ​Using these method, criminals would learn which email databases are more likely to elicit good success rates versus those databases that have been reused repeatedly and would no longer produce good results for the hackers.

Eurpol:      Trend Micro:     Oodaloop:         Infosecurity Magazine:

You Might Also Read:

Criminal Use Of  Artificial Intelligence:

 

« Practice Makes Protected – CYRIN’s Tools Packages
Business Cyber Security Spending In 2021 »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

IronScales

IronScales

IronScales combines human intelligence with machine learning to automatically prevent, detect and respond to email phishing attacks.

Eustema

Eustema

Eustema designs and manages ICT solutions for medium and large organizations.

ComTrue Technologies

ComTrue Technologies

ComTrue Technologies provides artificial intelligence solutions and information security solutions.

Cyber DriveWare

Cyber DriveWare

DriveWare analyzes new traffic in the I/O layer and blocks malware and cyber attacks which organizations have no means to protect against.

Redjack

Redjack

Redjack is a cutting-edge network analytics company focused on enterprise and ISP security and intelligence solutions.

Quadron  Cybersecurity Services

Quadron Cybersecurity Services

Quadron Cybersecurity Services is a specialist in digital security, data and system protection.

Ataya & Partners

Ataya & Partners

Ataya & Partners is a consulting company that delivers data protection, cybersecurity and IT & Digital governance services.

Eskive

Eskive

Eskive is a Brazilian cyber security awareness and education platform that empowers users and strengthens their company in the face of cyber threats.

National Health Care Anti-Fraud Association (NHCAA) - USA

National Health Care Anti-Fraud Association (NHCAA) - USA

National Health Care Anti-Fraud Association is the leading national organization focused exclusively on the fight against health care fraud.

Accel

Accel

Accel is a leading venture capital firm that invests in people and their companies from the earliest days through all phases of private company growth. Areas of focus include cybersecurity.

Concentric AI

Concentric AI

Concentric Data Risk Monitoring and Protection. Deep Learning to discover, monitor and remediate risks to sensitive data on-premises and in the cloud.

Netsurion

Netsurion

Netsurion powers secure and agile networks for highly distributed and small-to-medium enterprises and the IT providers that serve them.

Delinea

Delinea

Delinea is a leading provider of cloud-ready privileged access management (PAM) solutions that empower cybersecurity for the modern, hybrid enterprise.

Punk Security

Punk Security

Punk Security are specialists in integrating security into DevOps pipelines, enabling rapid and secure development.

Rimini Street

Rimini Street

Rimini Street is a global provider of enterprise software support products and services, and the leading third-party support provider for Oracle and SAP software products.

Meta 1st

Meta 1st

Meta 1st are a progressive SAAS enterprise, dedicated to harnessing the power of AI to address the most critical vulnerabilities in the world of cybersecurity: the Human Layer.