While the use of artificial intelligence (AI) in today’s cyber attacks is limited, a new report warns that this is poised to change in the near future.
The report, co-created by WithSecure (formerly known as F-Secure Business), the Finnish Transport and Communications Agency (Traficom) and the Finnish National Emergency Supply Agency (NESA), analyses current trends and developments in AI, cyber attacks and areas where the two overlap. It notes cyber attacks that use AI are currently very rare and limited to social engineering applications (such as impersonating an individual) or used in ways that aren’t directly observable by researchers and analysts (such as data analysis in backend systems).
However, the report highlights that the quantity and quality of advances in AI have made more advanced cyber attacks likely in the foreseeable future.
According to the report, target identification, social engineering and impersonation are today’s most imminent AI-enabled threats and are expected to evolve further within the next two years in both number and sophistication.
Within the next five years, attackers are likely to develop AI capable of autonomously finding vulnerabilities, planning and executing attack campaigns, using stealth to evade defences and collecting/mining information from compromised systems or open source intelligence.
“Although AI-generated content has been used for social engineering purposes, AI techniques designed to direct campaigns, perform attack steps or control malware logic have still not been observed in the wild. Those techniques will be first developed by well-resourced, highly skilled adversaries, such as nation-state groups,” said WithSecure Intelligence Researcher Andy Patel. “After new AI techniques are developed by sophisticated adversaries, some will likely trickle down to less skilled adversaries and become more prevalent in the threat landscape.”
While current defences can address some of the challenges posed by attackers’ use of AI, the report notes that others require defenders to adapt and evolve. New techniques are needed to counter AI-based phishing that utilises synthesised content, spoofing biometric authentication systems and other capabilities on the horizon.
The report also touches on the role non-technical solutions, such as intelligence sharing, resourcing and security awareness training, have in managing the threat of AI-driven attacks.
“Security isn’t seeing the same level of investment or advancements as many other AI applications, which could eventually lead to attackers gaining an upper hand,” said WithSecure Senior Data Scientist Samuel Marchal. “You have to remember that while legitimate organisations, developers and researchers follow privacy regulations and local laws, attackers don’t. If policymakers expect the development of safe, reliable and ethical AI-based technologies, they’ll need to consider how to secure that vision in relation to AI-enabled threats.”
The full report is available for download at https://www.traficom.fi/en/publications/security-threat-ai-enabled-cyberattacks.