While the use of artificial intelligence (AI) in today’s cyber attacks is limited, a new report warns that this is poised to change in the near future. The report analyzes current trends and developments in AI, cyber attacks, and areas where the two overlap.
Co-created by WithSecure™ the Finnish Transport and Communications Agency (Traficom), and the Finnish National Emergency Supply Agency (NESA), it notes cyber attacks that use AI are currently very rare and limited to social engineering applications, (such as impersonating an individual) or used in ways that aren’t directly observable by researchers and analysts (such as data analysis in backend systems).
However, the report highlights that the quantity and quality of advances in AI have made more advanced cyber attacks likely in the foreseeable future. According to the report, target identification, social engineering, and impersonation are today’s most imminent AI-enabled threats and are expected to evolve further within the next two years in both number and sophistication.
Within the next five years, attackers are likely to develop AI capable of autonomously finding vulnerabilities, planning and executing attack campaigns, using stealth to evade defenses, and collecting/mining information from compromised systems or open-source intelligence.
“Although AI-generated content has been used for social engineering purposes, AI techniques designed to direct campaigns, perform attack steps, or control malware logic have still not been observed in the wild. Those techniques will be first developed by well-resourced, highly-skilled adversaries, such as nation-state groups,” said WithSecure Intelligence Researcher Andy Patel. “After new AI techniques are developed by sophisticated adversaries, some will likely trickle down to less-skilled adversaries and become more prevalent in the threat landscape.”
While current defenses can address some of the challenges posed by attackers’ use of AI, the report notes that others require defenders to adapt and evolve. New techniques are needed to counter AI-based phishing that utilizes synthesized content, spoofing biometric authentication systems, and other capabilities on the horizon. The report also touches on the role non-technical solutions, such as intelligence sharing, resourcing, and security awareness training, have in managing the threat of AI-driven attacks.
“Security isn’t seeing the same level of investment or advancements as many other AI applications, which could eventually lead to attackers gaining an upper hand,” said WithSecure Senior Data Scientist Samuel Marchal. “You have to remember that while legitimate organizations, developers, and researchers follow privacy regulations and local laws, attackers don’t. If policy makers expect the development of safe, reliable, and ethical AI-based technologies, they’ll need to consider how to secure that vision in relation to AI-enabled threats.”
The full report is available for download at https://www.traficom.fi/en/publications/security-threat-ai-enabled-cyberattacks