AI is already being used by malicious actors to improve the scale and efficiency of their attacks. The National Cyber Security Center stated in their report on the near-term impact of AI on the cyber threat that “Artificial intelligence (AI) will almost certainly increase the volume and heighten the impact of cyber attacks over the next two years. All types of cyber threat actor – state and non-state, skilled and less skilled – are already using AI, to varying degrees.”
However, AI-powered security solutions are also rapidly developing to defend against this rising threat. A survey from Darktrace found that 96% of security stakeholders agreed that AI-powered solutions would level up their organization’s defenses. AI is ideally suited for speed, pattern recognition and automation, abilities which can support a strong cyber defense strategy.
How cybercriminals are using AI
Faster, smarter phishing attacks
Traditional advice for spotting phishing emails relies on tells such as spelling and grammar mistakes, generic greetings, or inconsistent design. However, the advent of AI tools has allowed scammers to largely avoid these signs, creating significantly more realistic phishing emails.
Many phishing scams are successful due to scale – while not everyone will fall for a particular email, a percentage will. AI tools can increase the scale a cybercriminal can operate at, creating a larger pool, while also improving the believability of individual emails, raising the success rate.
AI tools can also be used to add personalized information to a phishing email, often scraping public data the victim has shared online, such as their workplace, hometown, or names of friends, family, or coworkers. This information can be used in a phishing template to trick the reader into giving away personal information, or clicking a malicious link, with very little input needed from the attacker.
Automated brute force and password cracking
A brute force attack uses trial and error to guess passwords or other credentials to gain access to a user’s data or to a system. The method involves cycling through every possible combination of characters to reach the correct answer.
Before AI tools were widely used, brute force attacks were a time-consuming method of accessing information. However, AI and AI-enabled automation increase the speed of the process, enabling attackers to crack a higher volume of passwords, and making the method more efficient. For example, a weak 5-character password might take a human attacker hours to crack, but AI can reduce that time to seconds.
At an even more advanced level, AI can predict likely passwords which can be tested first, rather than just cycling randomly through combinations of characters. In the same method as is used to personalize phishing attacks, AI can crawl publicly available information about an individual to guess likely password components, for example their birthday, or a pet’s name.
Deepfakes for scams and fraud
Deepfake technology uses AI trained on audio, images and video to mimic real people. Many people are aware of the use of this technology to create fake videos of celebrities or public figures, but may be unaware that cybercriminals can also incorporate it in their attacks.
A scammer can create a model of a family member or colleague’s voice and appearance from a video available online, or through a recording they have made through a previous scam call. They can then fake any message they choose – this could be asking for money to be transferred, or for login details to a company’s system.
An example of this occurred in early 2024, when British engineering company Arup was the victim of a deepfake scam. An employee was tricked into transferring £20 million to criminals following a video conference call with AI-generated deepfakes of senior staff.
With the level of technology now available, it can be almost impossible to discern a deepfake from the real thing, leading to a high risk of falling for this style of attack.
Sophisticated ransomware
Ransomware is one of the most common, and most devastating, forms of cyber attack. In a ransomware attack, the cybercriminal gains access to a company’s data, encrypts it, and demands payment to return access.
While a ransomware attack can be successful without the use of AI or automation, these tools can simplify and speed up the process. AI could be used to find vulnerabilities in a system, evade traditional security defenses, and automation can simplify elements such as communicating with the target. When the process is simpler to implement, it will require less skill and resources from an attacker.
AI can also aid in making an attack smarter and more targeted. This could involve using AI to analyze the target system to identify the most critical files to encrypt to create the maximum disruption, or customize the ransom demand based on the company size or value, predicting the largest payout a company may be likely to make.
In this way, automation simplifies delivery, and AI makes ransomware attacks more strategic.
How AI is helping defend against cyber threats
While it is crucial to understand how AI is being used by criminals, its impact is not all negative. Just as attackers use AI and AI-enabled automation tools to improve their approach, they can also improve cyber defenses. For example, leading tools such as Crowdstrike’s threat detection and response software use AI to detect and isolate threats in real time.
There are several benefits of integrating AI in a security strategy:
Predictive threat detection: AI can rapidly analyze network traffic to flag suspicious behavior before a breach. Automated systems can be configured to alert the security team of a potential threat, and even to automatically trigger defenses.
User behavior analytics: Using a similar pattern recognition approach, AI tools can monitor the behavior of system users to catch anomalies, for example unusual logins.
Faster incident response: AI can speed up manual processes, for example detecting, diagnosing and isolating cyber incidents. The faster you can act on a breach, the less impact it will have on your operations.
Adaptive defense systems: Machine learning allows AI systems to evolve and adapt to new attack methods, without manual updates, keeping your defenses up to date.
It is important to note that AI cannot replace security processes. While it has significant capabilities, AI is not perfect. For example, AI-based systems can be vulnerable to attacks such as data poisoning, where hackers manipulate the data the AI learns from to degrade its effectiveness.
To protect your infrastructure, you should use AI tools alongside a strong security stack, regular employee training, multi-factor authentication, and regular backups.
Is your infrastructure protected?
With cyberthreats and cybersecurity rapidly evolving due to the rise of AI and automation, it is essential to ensure your infrastructure is secure.
For further details on cloud security information and protection measures, you can read our dedicated Cloud Security Guide. Alternatively, if you’re ready to upgrade your security, a consultation with one of our cloud experts can help you identify any vulnerabilities in your current defenses, and develop a bespoke strategy to protect your organization. Fill out our contact form and one of the team will be in touch.
