paint-brush
Friend and Foe: Why We Need to Talk About AI's Potential Threats to Cybersecurity Tooby@marcocoffen
163 reads

Friend and Foe: Why We Need to Talk About AI's Potential Threats to Cybersecurity Too

by Marco CoffenMay 1st, 2023
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

2021 broke a record for cybercrime statistics, with a total of 1,862 data breaches happening throughout the year. Cybercrime poses a threat to everyone, from small startups and Fortune 500 companies to healthcare organizations, financial institutions, and consumers. Businesses are doing everything they can to fend themselves from these attacks, but it's almost impossible to predict a scammer's next move.
featured image - Friend and Foe: Why We Need to Talk About AI's Potential Threats to Cybersecurity Too
Marco Coffen HackerNoon profile picture

Cyberattacks have become an increasingly prominent issue facing businesses and consumers over the past decade.

2021 broke a record for cybercrime statistics, with a total of 1,862 data breaches happening throughout the year.

That number increased by 38 percent in 2022. Following that pattern, 2023 is already expected to bring more large-scale breaches as scammers continue to up their game.

A new attack on the web happens every 39 seconds. Cybercrime poses a threat to everyone, from small startups and Fortune 500 companies to healthcare organizations, financial institutions, and consumers.

Businesses are doing everything they can to fend themselves from these attacks, but it's almost impossible to predict a scammer's next move and anticipate what the next big threat will be.

Cybercriminals prey on this vulnerability, using a company's consternation as a way to break into their weakened network.

What can businesses do to better defend themselves from attacks and breaches? Many see artificial intelligence as the solution to worsening cybersecurity. 

Artificial Intelligence to the Rescue

Artificial intelligence has become an increasingly popular and effective way for companies to bolster their defenses against potential threats and safeguard their cybersecurity efforts.

AI can analyze data from previous cyber incidents and use that information to predict and identify potential threats to the system it's protecting.

For example, if an employee's account is carelessly clicking on phishing links or an unknown variant of malware, it will alert AI to the suspicious activity, and it will be resolved. 

Companies like Google and Microsoft are working on developing application fuzzing tools, which essentially just automatically detect vulnerabilities and bugs in software before criminals can locate them.

And by monitoring typical user behavior, AI can respond accordingly to any anomalies before they pose a threat.

AI's greatest strengths lie in its ability to adapt to a constantly changing environment. It enables companies to comprehend the relevance and gravity of breaches, respond in real time, and then react intelligently.

The sooner it can detect warning signs, the quicker it can thwart possible intrusions and prevent the theft of sensitive information or login credentials.

What makes AI a powerful defense mechanism, however, is also what makes it a dangerous tool in the hands of its offender — cybercriminals.

Online attackers are constantly seeking ways to outsmart this intelligent technology and turn it against itself as a way to infiltrate a company's system. 

The Dark Side of Artificial Intelligence

Hackers are becoming more clever and are figuring out how to leverage the dark side of AI to unleash significantly more destructive attacks on businesses and consumers.

Here are some of the most common ways artificial intelligence is being used to aid in cyberattacks.

Phishing Email Campaigns

Two dominant techniques used in malicious email campaigns include phishing and spear phishing. You're probably already familiar with these campaigns.

In phishing scams, a scammer uses email subject lines that could easily deceive anyone, such as a package delivery notice or a bank statement.

Spear phishing campaigns, on the other hand, take a more targeted approach that involves gathering information on a specific target and crafting a personalized email to get their attention, which increases the chances of the target clicking on the message.

By leveraging AI, cybercriminals can create highly sophisticated phishing email campaigns that steal sensitive data and subject unsuspecting consumers to financial scams.

These AI-powered attacks are capable of automatically learning what type of language works best in campaigns, what generates the most clicks, and how to tailor the messaging to different targets. 

Blackmailing

Artificial intelligence can collect personal information about someone online almost instantaneously. It can locate an account they have on an extramarital dating service, for example, which is what happened in the infamous Ashley Madison breach.

It can also comb through old social media posts and identify images, posts, or comments that could damage the target's reputation if leaked to the public. 

This sensitive information is like gold to cybercriminals. They can blackmail their target with the information they found and ask for credentials or financial compensation in return for their information staying private. 

Audio Deepfakes

There has been recent evidence of hackers using AI to create and exploit audio deepfakes as a manipulation tactic.

A few years ago, for example, one cybercriminal generated a deepfake of a CEO's voice and used it to con workers into transferring around $243,000 into their account.

These audio attacks add a new layer to business email compromise scams, where scammers pretend to be the CEO of a company and ask that employees urgently send them money.

Employees know to look for these email campaigns, but audio deepfakes are far more sophisticated and deceptive. 

Artificial intelligence is an extraordinary technology, but no technology is foolproof. If we know how AI can be abused, we can continue to develop and customize more robust countermeasures.