How Cyber Criminals Use AI to Power Their Attacks

Cybercrime has been on a steady growth trajectory at least since the beginning of the decade. The past few years have been particularly rough on small businesses that have had their data ransomed, stolen, or sold on the dark web. Large organizations aren’t off the hook either when it comes to cyber crime.

Take the 2020 SolarWinds hack, for example. Perpetrators released malicious code into the company’s product’s (Orion) updates. The breach affected thousands of corporate and government users. With AI deployment in cyber crime, however, attacks that are predominantly perpetrated through human engagement pale in comparison.

Generative AI and machine learning programs are seeing increasing applications in creating highly effective malware programs and launching more sophisticated social engineering email campaigns with devastating results. In this post, we shed a light on how cyber criminals are using AI to power their attacks and how to protect yourself from harm.

How AI is Unleashing a New Dawn of Sophisticated Cyber Crime

As AI grows popular by the day, cyber criminals have sought out ways to bend the technology to serve their own interests. And at a time when everyone can have access to AI software at low cost, anyone can become a potential threat.

Some ways hackers use AI to power their attacks include increasing the scale and scope of their attacks. Other malicious actors leverage the technology in targeting new user demographics. Here, various types of sensitive user data are at risk. These include financial, personal data, or confidential intellectual property. 

1. Launching Well Coordinated Malware Attacks

An area where AI can be used to power criminal activities is in the development of malware. AI algorithms analyze existing system vulnerabilities and develop new variants of nearly undetectable malware. For organizations using traditional antivirus systems, this means a potential large-scale disruption of computer systems, loss of sensitive personal information, and consequent heavy legal implications.

Research by IBN security found that organizations risk losing USD 4.35 million per incident – a heavy price for small organizations that become victim.

2. High-Precision Phishing Attacks

Generative AI models such as ChatGPT are manipulated by cyber criminals to create complex phishing attacks and fake customer support chat bots that trick innocent victims into sharing personal and sensitive information, login credentials, and banking details with bad actors.

Cyber criminals use AI to create highly convincing and less suspicious phishing emails, social media messages and phone calls that seem almost human. Case in point, AI tricking victims into compromising their network’s security has proven effective. Global syndicates can use AI to generate mass volumes of phishing emails and increase their efficiency.

~ AI-powered cyber attacks have a high success rate, with nearly 80% of people opening AI-generated phishing emails.

3. Network Intrusion

AI has also found increasing applications in penetrating seemingly “safe” networks in a matter of hours. One documented instance happened when an unnamed manufacturer of computer components hired IBM’s X-Force penetration-testing team to breach its network; a task that was completed in merely eight hours.

Malicious actors are exploring new ways to use artificial intelligence for network intrusion. For instance, AI can be used to analyze flaws within your organization’s threat detection systems. The information collected about such vulnerabilities is then used in the development of malware that can bypass your intrusion detection system.

4. Cracking User Passwords

Artificial intelligence can – and has been used – to crack passwords at unprecedented speed. In fact, it only takes 60 seconds to guess over half of common passwords at 100% effectiveness if the password has been leaked before. 

Password cracking with AI can take several formats, e.g.

• Password guessing with password generative adversarial networks (PassGAN)
• Adaptive password guessing
• Acoustic side-channel attack (“listening” to user keystrokes)

With adaptive guessing, the AI algorithm sets an initial “guess” and catalogs failed attempts as valuable insights for cracking future passwords. The algorithm is able to learn and get better with each failed attempt. 

5. Mass Data Filtration and Analysis

AI LLMs can be trained on large data sets to identify high value targets. For example, from the financial statements declared by organizations, AI algorithms can be developed to fish out high net worth targets. These individuals can be targeted by large criminal organizations in more targeted spear attacks.

How to Protect Your Business from AI-Powered Cyberattacks

The use of AI against you is no longer a matter of if, but when your organization will be subjected to sophisticated AI-backed attacks. Successful breaches, whether in simulation or reality, have made cybersecurity personnel rethink their overall IT strategy.

The complexity and efficacy of AI-based attacks has improved cybercriminals’ game. However, there are several ways to overturn the status quo and build stronger defenses against the next wave of attacks.

First order of business; fight fire with fire and incorporate AI and machine learning technologies in the development of your cybersecurity strategy. Threat detection, 24/7 monitoring, and alert tools can be based on AI for precision and effectiveness.

Separate measures such as employee training can help equip your staff with the knowledge they need to detect and report potential threats in good time. Equipped with such knowledge, information security departments are better equipped to detect and deal with an attack in its development.

Embracing stronger passwords and the enforcement of strict user access controls can help protect your business data against unauthorized access. But combined, all these measures build a stronger wall against cyberattacks.

Conclusion

The adoption of AI technology in cyber crime has had dire effects on the health and status of business IT. However, it is worth putting up a fight for the safety of personal or corporate data, and other financial liabilities that may arise.
BoomTech is a leading managed IT services provider in South Florida offering cybersecurity, cloud management services, co-managed IT, and help desk support.