The surge in ransomware activities is not showing any signs of slowing down, and a recently published report by the U.K.’s NCSC has raised concerns that the global threat will only increase with the advancement of AI technology. The report, titled “The Near-Term Impact of AI on the Cyber Threat,” is based on an assessment that combines classified intelligence, industry knowledge, academic material, and open source data from the U.K. government as well as international partners.
According to the NCSC report, AI tools could help attackers develop malware and exploits more efficiently, as well as carry out more effective phishing campaigns. This is particularly concerning given the significant increase in ransomware attacks over the past year. For example, a threat report by NCC Group tracked an 84% increase between 2022 and 2023.
The use of AI in cybersecurity threats is predicted to become more prevalent in the coming years, with the report highlighting the potential impact of generative AI (GenAI) and large language models on cyber threats. These advancements could make it more difficult for cybersecurity professionals to identify phishing emails and social engineering attempts, ultimately providing a significant uplift to the capabilities of novice and less skilled threat actors.
The report also emphasized that AI will almost certainly make cyber attacks against the UK more impactful by enabling threat actors to analyze exfiltrated data faster and more effectively. While the predictions and key judgments in the report are based on a “probability yardstick,” which includes a likelihood range from “remote” to “almost certain.”
In addition to the worrying trend of AI contributing to more advanced phishing attacks and an increase in ransomware, the report also highlighted the potential for AI to widen the pool of capable threat actors that conduct ransomware attacks. It pointed to the as-a-service business model, which has expanded the threat by allowing affiliates to purchase ransomware programs from different gangs, as a factor contributing to the increase in ransomware activity.
The report also assessed that the commoditization of cybercrime capability, such as ‘as-a-service’ business models, makes it almost certain that capable groups will monetize AI-enabled cyber tools, making improved capability available to anyone willing to pay. The rapid exploitation of software vulnerabilities and the potential for AI to accelerate this challenge was also a prominent risk addressed in the report.
While the use of AI in cyber threats presents many challenges, experts believe that there may also be opportunities for organizations, such as CISA, to use AI to improve threat detection capabilities and help identify phishing campaigns for defenders. However, it is important to be aware of the potential risks as well. Nitin Natarajan, deputy director at CISA, highlighted the positive outcomes and benefits that organizations can gain from AI technology, but also acknowledged the new risks it creates, especially for organizations that struggle with identifying malicious messages.
Overall, the report serves as a stark warning of the potential impact of AI on cyber threats, and the need for organizations and cybersecurity professionals to stay ahead of rapidly evolving tactics used by threat actors. As technology continues to advance, it is clear that the battle against cyber threats will require constant vigilance and adaptation to new challenges.