Emerging markets susceptible to AI-driven cyber attacks, warns Veeam

Christopher Tredger
By Christopher Tredger, Portals editor
Johannesburg, 25 Jun 2024
Ian Engelbrecht, system engineering manager at Veeam Software.
Ian Engelbrecht, system engineering manager at Veeam Software.

AI lowers the barrier to entry for cyber criminals – and emerging markets like South Africa are particularly vulnerable to AI-backed cyber crime, according to Ian Engelbrecht, system engineering manager at Veeam Software.

Limited cybersecurity budgets and outdated, legacy software weaken cyber defense strategies, he says.

 “Insufficient resources may hinder organisations’ ability to adopt advanced cyber security solutions that utilise AI and machine learning to protect against sophisticated threats. Old and unpatched systems present known vulnerabilities that can be exploited by cyber criminals using AI-powered tools. These tools enable them to automate vulnerability discovery and quickly scan for weaknesses.

AI-infused ransomware

Global cyber security organisations especially concerned about the use of AI to escalate ransomware threats. 

Veeam refers to a recent warning from the UK’s National Cyber Security Centre, which notes that AI will enhance ransomware capabilities through support for reconnaissance, phishing, and coding.

Engelbrecht says this poses a significant concern for South Africa's cyber security landscape.

“By leveraging AI, cyber criminals can develop more sophisticated and advanced malware strains that are capable of evading traditional security measures. AI algorithms can analyse existing malware samples, detect patterns, and generate new variants that can bypass traditional detection mechanisms. Moreover, AI can be utilised to obfuscate malware code, making it increasingly challenging for security solutions to identify and block these threats effectively.”

According to the Veeam Ransomware Trends Report 2024, ransomware remains the leading cause of IT outages and downtime, with approximately 41% of data compromised during a cyber attack. Alarmingly, only 57% of this compromised data is expected to be recovered, leaving organisations vulnerable to substantial data loss and negative business impacts.

“When combined with automated information gathering on a target, we’re looking at the next generation of social engineering.”

Ian Engelbrecht, Veeam Software.

AI algorithms can scan networks or environments to map architecture and endpoints and, crucially, spot vulnerabilities. Threat actors will already do this manually, but AI will make it much easier and more effective.

“AI can also be used to automate information gathering for more targeted attacks. These tools can scrape the internet (particularly social media) to collect as much information on a target as possible for phishing and social engineering,” says Engelbrecht

He adds that even the most readily available AI tools can be used to craft better phishing e-mails, bridging the language barrier that often makes such scams detectable. “When combined with automated information gathering on a target, we’re looking at the next generation of social engineering.”

Veeam Software stresses the importance of collaboration between industry, government, and cyber security experts in sharing threat intelligence and developing effective countermeasures.

“By continuously improving and implementing comprehensive cyber security strategies, staying knowledgeable about emerging threats, and leveraging advanced technologies, organisations have the chance to keep up with cyber criminals and protect their digital assets in the face of evolving cybersecurity challenges,” Engelbrecht concludes.