The introduction of artificial intelligence will make it difficult to tell whether emails, such as messages asking computer users to reset their passwords, are genuine or sent by fraudsters or malicious actors, the UK's Cybersecurity Agency has said. I warned you.
The National Cyber Security Center (NCSC) said that as AI tools become more sophisticated, people will have a harder time identifying phishing messages in which users are tricked into handing over passwords and personal information.
Generative AI is a term that refers to technology that can generate compelling text, audio, and images from simple handwritten prompts, and is widely available to the public through chatbots such as ChatGPT and freely available versions known as open source models. It is now possible.
In its latest assessment of the impact of AI on the cyber threats facing the UK, the NCSC, part of the GCHQ spy agency, says AI will “almost certainly” increase the volume of cyber-attacks and its impact will increase over the next two years. He said it would increase.
The report uses generative AI and large-scale language models, the technologies behind chatbots, to identify various types of attacks, including spoofed messages and social engineering (a term that refers to manipulating people into handing over sensitive material). He said efforts to do so would be complicated.
“By 2025, generative AI and large-scale language models will enable anyone, regardless of their level of cybersecurity understanding, to assess the authenticity of emails and password reset requests, and to detect phishing, spoofing, and social engineering attempts. It will be difficult for anyone to identify.”
Ransomware attacks, which have hit institutions such as the British Library and Royal Mail over the past year, are also expected to increase, the NCSC said.
Increasing sophistication of AI is “lowering the barrier” for amateur cybercriminals and hackers to access systems and collect information on their targets, paralyzing victims' computer systems, extracting sensitive data, and using cryptocurrencies. It warned that a ransom could be demanded.
According to the NCSC, generative AI tools can make approaches to potential victims more convincing by creating fake “bait documents” that are free of translation, spelling, and grammatical errors that lead to phishing attacks. I mentioned that it is already helping to make things better. Its content is created or modified by a chatbot. .
However, the company said that generative AI, which has emerged as a capable coding tool, will not increase the effectiveness of ransomware code, but will help screen and identify targets.
According to the UK's data watchdog, the Information Commissioner's Office, there were 706 ransomware incidents reported in the UK in 2022, compared to 694 in 2021.
The agency warned that state actors likely possess enough malware (short for malicious software) to train specially created AI models that create new code that can circumvent security measures. . The NCSC said such models must be trained based on data extracted from the target.
“Nation-state actors, the most capable of cyber threat actors, are arguably best placed to exploit the potential of AI in advanced cyber operations,” the NCSC report said.
The NCSC added that AI can also serve as a defensive tool, with technology able to detect attacks and design more secure systems.
The report comes as the UK government sets out new guidelines encouraging businesses to be better prepared to recover from ransomware attacks. The Cyber Governance Code of Practice aims to place information security on the same level as financial and legal controls, the NCSC said.
But cybersecurity experts are calling for stronger action. Ciaran Martin, former head of the NCSC, said that unless public and private organizations fundamentally changed the way they tackled the ransomware threat, “the severity of the British Library attack will be very serious”. ” states. Probably every five years from now. ” with newsletterMartin said the UK needs to re-evaluate its approach to ransomware, including establishing stronger rules around ransom payments and abandoning the “illusion” of “fighting back” against criminals based in hostile countries. I wrote.
