The rise of generative AI applications has not only transformed the business landscape but has also had a profound impact on the world of cybercrime. In this era of rapidly evolving technology, failure to embrace advancements in artificial intelligence (AI) can leave companies lagging behind their competitors and vulnerable to cyberattacks fueled by AI. However, it is essential to examine the effects of AI on cybercrime from a realistic standpoint, avoiding succumbing to exaggerated claims that often read more like science fiction.
The recent progress and maturation of AI have brought about a significant leap forward in enterprise security. Cybercriminals struggle to match the vast resources, expertise, and motivation of companies, making it increasingly difficult for them to keep up with the relentless pace of AI innovation. In 2021, private venture investment in AI soared to a staggering $93.5 billion, a capital level beyond the reach of most cybercriminals. Additionally, cybercriminals lack the manpower, computing power, and innovative capabilities that governments and commercial enterprises possess, which allow them the luxury of learning from failure, adapting quickly, and ultimately getting things right.
However, it is crucial to understand that cybercriminals will eventually catch up. This is not the first time that the security industry has had a brief period of advantage. Several years ago, when ransomware began prompting defenders to adopt endpoint detection and response (EDR) technologies, attackers needed time to figure out ways to evade these new strategies. This brief “grace period” provided businesses with an opportunity to enhance their defenses. The same principle applies today: companies must capitalize on their current lead in the AI race, leveraging the speed and precision that AI innovations offer to strengthen their threat detection and response capabilities.
But how exactly is AI altering the landscape of cybercrime? While it may not lead to substantial changes in the near future, it will certainly scale cybercrime in specific instances. Let’s explore a couple of scenarios where malicious adoption of AI can make an immediate impact.
Fully automated malware campaigns: Although fully automated malware campaigns are theoretically possible, they remain unlikely in the foreseeable future. Leading tech companies have not yet achieved fully automated software development cycles, making it improbable for financially constrained cybercriminal groups to achieve this feat anytime soon. However, partial automation can still enable the scaling of cybercrime, as we have already witnessed in campaigns such as Bazar. This tactic is not a novel innovation but a tried-and-true technique that defenders have already encountered.
AI-engineered phishing: This scenario is not only possible but has already become a reality. AI-engineered phishing attacks are emerging, and they have the potential to be more persuasive and achieve higher click rates. However, the fundamental goal remains unchanged: to deceive individuals into clicking on malicious links. Detecting and responding to AI-engineered phish attacks require the same readiness as human-engineered ones. The critical difference lies in the scale. AI acts as a force multiplier, allowing cybercriminals to scale phishing campaigns significantly. Enterprises need to be vigilant if they witness a surge in inbound phishing emails, particularly if these emails display higher persuasiveness. Such a spike indicates a higher probability of click rates and potential compromises. EDR, managed detection and response (MDR), extended detection and response (XDR), and identity and access management (IAM) technologies play an essential role in detecting anomalous behavior before it causes severe harm.
AI poisoning attacks: AI poisoning attacks, which involve programmatically manipulating AI models’ code and data, represent the “holy grail” of cyberattacks. A successful poisoning attack allows attackers to control an AI model’s behavior or function, leading to a wide range of impacts, from misinformation campaigns to scenarios resembling the movie “Die Hard 4.0.” However, executing these attacks is no easy task. It requires gaining access to the data used to train AI models, which is a considerable challenge. As more models become open source, the risk of AI poisoning attacks will inevitably increase, but for now, it remains relatively low.
While it is vital to separate hype from reality, it is equally important to ask the right questions about AI’s impact on the threat landscape. Many aspects of AI’s potential effects on adversaries’ goals and objectives remain unknown. It is uncertain how new abilities introduced by AI may serve new purposes for attackers and reframe their motives.
Although novel AI-enabled attacks may not experience an immediate surge, the scaling of cybercrime through the adoption of AI will undoubtedly impact unprepared organizations. Speed and scale are inherent characteristics of AI, and just as defenders seek to benefit from them, so do attackers. Considering that security teams are already overwhelmed and understaffed, an increase in malicious traffic or incident response engagements would place a significant burden on them.
This emphasizes the urgency for enterprises to invest in their defenses and utilize AI to enhance the speed and precision of their threat detection and response capabilities. Organizations that take advantage of this “grace period” will emerge as resilient and well-prepared entities, capable of effectively combatting AI-enabled attacks when cybercriminals eventually catch up in the AI-driven cyber race.