When asked about the growing exuberance over the use of generative AI, 54% of the surveyed security specialists believe that the same AI will be used to create convincing phishing emails, 47% expect GenAI will be used to design malware that will avoid detection, and 43% say AI will be used to uncover program vulnerabilities.
In a 2023 Beyond Identity survey of 1,010 cybersecurity specialists, one in six had worked for companies that experienced an AI-fuelled cyberattack, with 59% seeing this in phishing attacks and 39% in malware. The good news (maybe) is that 40% said it took less than 24 hours to detect the attack and respond accordingly.
Arguably, the more concerning of the trends highlighted in the report is that 75% of those surveyed believe AI will continue to be used in these cyberattacks and that the vulnerabilities will persist because of a lack of human oversight (57%).
Commenting on the recent spike in the use of AI in cyberattacks, including ransomware, CyberArk’s vice president of solution engineers for Asia Pacific and Japan, Jeffrey Kok, says the best way to fight fire is with fire. Reflecting on the ongoing cyberwarfare, he reminds us that technology is not sufficient. People and processes have to be brought into the strategy.
“We can use technology to educate people, so they are less likely to be duped. We can use AI to improve our processes so that there are fewer gaps in security controls,” he added.
“A lot of CIOs have started embracing AI, which provides them with faster reaction time and better ways to mitigate cyber threats. Many of our security technologies and processes were built a long time ago; they need to be continuously updated.”
AI as negotiator
In a post on ISACA, Alex Holden, founder and CISO at Hold Security, suggests that “An AI-driven chatbot could potentially serve as a future ransomware negotiator, employing a formulaic approach to preset demands, initiate timers and respond based on the victim’s actions.”
Kok agrees, adding that generative AI (GenAI) can do a lot of heavy lifting for cyber attackers. He posits that whereas in the past cyberattacks had to contend with language barriers, the growing maturity of ChatGPT means that a Russian cybercriminal can use AI to negotiate with someone in Japan.
It can send an email with messages that will resonate better and find out the typical reaction time for organisations in Japan. It may also find out the typical sum of cyber insurance premiums that Japanese companies are paying to cyber attackers.
The future of ransomware
According to SOCRadar, ransomware attacks mainly rely on encryption technology to prevent access to files. Its roots can be traced to the “PC Cyborg” malware distributed on 20,000 infected floppy disks labelled AIS Information Introductory Diskette to attendees of a World Health Organisation AIDS conference in 1989.
The first modern ransomware was called PGPcoder, which used a drive-by-download method of distribution. By 2015, ransomware-as-a-service emerged as a business model.
Kok says ransomware will continue to grow because it is effective at what it was designed to do. He argued that cyber attackers are using social engineering and more advanced APT threat actors to steal credentials to get into an organisation.
“We're also seeing cyber attackers moving outwards and upstream to find a way in. To attack a bank, for instance, cyber attackers tend to go to their software vendor which might not be secure and move laterally to gain entry,” he added.
Asked to suggest some methods to stay ahead of the extortion threat irrespective of the underlying technologies, Kok reminds us that preparation is key. CIOs and CISOs need to have a stand, and they should always remain optimistic.
“Many leading technology companies are working together to address these challenges with governments for organisations to stop paying the ransom. We are seeing a lot of advancement. For the time being, stay positive, and fight a good fight,” he urged.
Click on the PodChat player to listen to Kok share detailed countertactics against AI-powered ransomware attacks.
- Is AI being used as an accelerant for ransomware attacks?
- Given that threat actors can recognise data encryption and exfiltration, how should CISOs and security teams update their approach to make strategies and policies more effective against AI-powered ransomware?
- Would AI make for an effective ransomware negotiator? How to make this happen?
- What is the future of ransomware?
- Our topic is counter-tactics against artificially intelligent ransomware, so how do you stay ahead of ransomware (extortion) irrespective of the technologies?