The year 2023 is nearing its end, and as we brace ourselves for 2024, cybersecurity experts are painting a concerning picture. Trend Micro, a leading cybersecurity firm, has released its annual security predictions report, and it’s not all sunshine and rainbows. The report predicts a significant rise in generative AI (GenAI)-powered cyberattacks, raising the stakes for governments, corporations, and consumers alike.
Eric Skinner, VP of market strategy at Trend Micro: “Advanced large language models (LLMs), proficient in any language, pose a significant threat as they eliminate the traditional indicators of phishing such as odd formatting or grammatical errors, making them exceedingly difficult to detect. Businesses must transition beyond conventional phishing training and prioritise the adoption of modern security controls. These advanced defenses not only exceed human capabilities in detection but also ensure resilience against these tactics.”
What’s Fueling the Fire?
The proliferation of GenAI, a subfield of artificial intelligence that focuses on creating new content, coupled with the use of Generative Adversarial Networks (GANs), are at the heart of this alarming prediction. From crafting eerily realistic deepfakes to generating malware with unparalleled sophistication, GenAI is rapidly evolving and finding its way into the hands of malicious actors. This potent combination of human ingenuity and machine muscle is poised to unleash a new wave of cyberattacks that are more potent, stealthier, and harder to defend against–driving a new wave of business e-mail compromise (BEC), virtual kidnapping, and other scams.
Fueling this fire further is the potentially lucrative gains that threat actors can potentially gain through malicious activities. For instance, BEC garnered over $2.7 billion for nefarious actors in 2022, according to the FBI. What more, the costs to execute attacks such as data poisoning is plummeting–from as low as $100!
The Scope of the Threat
Trend Micro’s report outlines a chilling spectrum of potential threats:
- Social engineering on steroids: Deepfakes could be used to impersonate executives or celebrities, tricking victims into divulging sensitive information or authorising fraudulent transactions.
- Cloud-native worms: Imagine self-replicating malware specifically designed to exploit vulnerabilities in cloud infrastructure. These “worms” could spread rapidly, infecting entire cloud environments and causing widespread disruption.
- Data poisoning: Malicious actors could manipulate training data used to develop machine learning models, leading to biased or inaccurate outputs. This could have disastrous consequences in critical applications like healthcare, finance and even connected vehicles.
- Supply chain attacks: Upstream open-source software components as well as inventory identity management tools such as telco SIMS, which are crucial for fleet and inventory systems, will be targeted.
- Attacks on private blockchains: Threat actors will exploit vulnerabilities in private blockchains and could attain rights to modify, override, or erase entries and then demand a ransom. Alternatively, they could also try to encrypt the entire blockchain if they manage to seize control of enough nodes.
These are just a few examples, and the possibilities are truly endless. As GenAI technology continues to advance, so too will the creativity and sophistication of cyberattacks.
Mitigating the Mayhem: A Call to Action
So, what can we do to prepare for this onslaught of AI-powered cyberattacks? Trend Micro suggests a multi-pronged approach:
- Investing in AI-powered security solutions: Just as AI is being used for malicious purposes, it can also be harnessed for good. Security solutions that leverage AI can detect and respond to threats in real-time, even those that are novel or constantly evolving.
- Practicing cyber hygiene: Basic security measures like strong passwords, multi-factor authentication, and regular software updates remain essential.
- Raising awareness: Educating employees, consumers, and the general public about the dangers of AI-powered cyberattacks is crucial. By understanding the risks, we can be more vigilant and less likely to fall victim to these sophisticated scams.
“In the coming year, the cyber industry will begin to outpace the government when it comes to developing cybersecurity-specific AI policy or regulations,” said Greg Young, VP of cybersecurity at Trend Micro. “The industry is moving quickly to self-regulate on an opt-in basis.”
Governments have a critical role to play in fostering international cooperation on cybersecurity, developing robust regulations for AI development and use, and investing in research and development of AI-powered security solutions.
Corporations must prioritise cybersecurity in their digital transformation initiatives, conduct regular security assessments, and implement comprehensive security training programs for their employees.
Consumers need to be cautious about the information they share online, be wary of unsolicited emails and attachments, and only download software from trusted sources.
The Future of Cybersecurity: A Symbiotic Dance
The battle against AI-powered cyberattacks will be a continuous one, a never-ending dance between offense and defense. As attackers become more sophisticated, so too must our defenses. Businesses that are heavily investing in new technologies like AI, blockchain, and cloud computing to boost productivity should be prepared for the challenges and unforeseen problems that these technologies can bring. Cybersecurity defenders, meanwhile, will need to be constantly vigilant and adaptable to counter the evolving cyber threats that are expected to emerge in the coming year. They should also implement a comprehensive security strategy that is based on reliable and forward-thinking threat intelligence.
