Are cyber-criminals using AI to get smarter?
05 October 2023
Please note: All data referenced in this article is sourced from Bloomberg unless otherwise stated, and is accurate at the time of publishing.
Artificial intelligence (AI) is rapidly transforming the world we live in, but it also has the potential to be used for malicious purposes. In the following article, we explore the emerging trend of AI-powered cyber-crime and ask whether the risks are more science fiction-based than reality. We also offer some useful reminders on what we can do to stay safe online.
It could be the hackers using AI to write compelling, hyper-targeted and hyper-believable phishing emails that not only impersonate trusted sources but also remove the glaring grammatical and spelling errors.
Or it’s the AI-powered malware going beyond the usual methods of attack – making it increasingly difficult to detect, and designed to constantly change in an attempt to bypass conventional security systems and firewalls. Either way, the risks posed by the emergence of AI continue to evolve and grow.
While these AI-based cyber threats are thankfully more theoretical than imminent at present, they’re a concern nonetheless – and something that should be taken seriously.
“Although the AI-driven cyber threat is still relatively small, it could become much more dangerous in the future as the cyber-criminals learn how to exploit AI more effectively,” says Matt Lane, Director and Co-Founder of XCyber, a cyber security firm that offers state-grade services to its clients.
“One of the main risks is that AI can automate tasks at a scale that was previously impossible, allowing hackers to find new vulnerabilities in systems, as well as creating highly targeted phishing emails.”
AI: the next frontier?
Even today, AI can be used by hackers as a powerful tool to access your network, private life, emails or office setup.
A recent report by Check Point Research uncovered an unsettling 8% surge in weekly global cyber-attacks in the second quarter of this year, putting the increase down to the emergence of next-generation AI technologies1.
And while it’s hard to know what the future may hold, practising good basic cyber hygiene remains the best way to protect against threats – AI or otherwise. This includes:
- Being careful about what emails you open and what links you click on
- Keeping your software up to date (as this will help protect you from known vulnerabilities)
- Using a strong password manager to create and store unique passwords for all your accounts
- Enabling two-factor authorisations on all your accounts whenever possible, to add an extra layer of security
“Cyber-crime is becoming ever-more sophisticated, so it’s important to be vigilant,” says Hannah Rodden, Fraud Awareness Manager at Barclays. “This means staying informed about the latest threats, using strong passwords and security measures, and being careful about what you share online.”
For more top tips on staying safe online, read our earlier article on the Five must-know cyber threats.
Changing landscape
Cyber-criminals are also thought to be developing and deploying AI-powered web crawlers – used to sift the internet in search of spying and spamming opportunities.
Many high-net-worth individuals tend to have a strong online presence (which can, of course, help you stand out from the competition), but this can sometimes be a double-edged sword. It’s important therefore to be aware of your digital footprint so you can try to control what you leave online for others to find.
“Cyber-criminals can target anyone, regardless of how careful they are online,” warns Lane at XCyber.
“Even today, criminals can create a detailed profile of you from the information that's already publicly available online – this can come from a variety of sources, including your own social media accounts, data breaches, and even news articles.”
Lane adds: “Cyber-criminals are constantly on the lookout for new ways to commit fraud with the least amount of effort and resources. And high-net-worth individuals often fit that bill – especially as they are seen as high-value targets without the same level of security as corporations.”
Defending against attacks
But don’t panic. An AI takeover is far from imminent.
For one, the threat may be overblown amid so many unknowns about this fast-changing space. And it’s also important to remember that while the cyber-criminals will always try to exploit new technologies for malicious purposes, “good” AI has the potential to outweigh the “bad”.
“If you keep your cyber defences strong, you can reduce the risk of falling foul to even the most sophisticated cyber hackers,” says Lane at XCyber.
“And who’s to say that AI won’t come up with solutions to collectively improve our cyber security, significantly outweighing any risks?”
Related articles
Disclaimer
This communication is general in nature and provided for information/educational purposes only. It does not take into account any specific investment objectives, the financial situation or particular needs of any particular person. It not intended for distribution, publication, or use in any jurisdiction where such distribution, publication, or use would be unlawful, nor is it aimed at any person or entity to whom it would be unlawful for them to access.
This communication has been prepared by Barclays Private Bank (Barclays) and references to Barclays includes any entity within the Barclays group of companies.
This communication:
(i) is not research nor a product of the Barclays Research department. Any views expressed in these materials may differ from those of the Barclays Research department. All opinions and estimates are given as of the date of the materials and are subject to change. Barclays is not obliged to inform recipients of these materials of any change to such opinions or estimates;
(ii) is not an offer, an invitation or a recommendation to enter into any product or service and does not constitute a solicitation to buy or sell securities, investment advice or a personal recommendation;
(iii) is confidential and no part may be reproduced, distributed or transmitted without the prior written permission of Barclays; and
(iv) has not been reviewed or approved by any regulatory authority.
Any past or simulated past performance including back-testing, modelling or scenario analysis, or future projections contained in this communication is no indication as to future performance. No representation is made as to the accuracy of the assumptions made in this communication, or completeness of, any modelling, scenario analysis or back-testing. The value of any investment may also fluctuate as a result of market changes.
Where information in this communication has been obtained from third party sources, we believe those sources to be reliable but we do not guarantee the information’s accuracy and you should note that it may be incomplete or condensed.
Neither Barclays nor any of its directors, officers, employees, representatives or agents, accepts any liability whatsoever for any direct, indirect or consequential losses (in contract, tort or otherwise) arising from the use of this communication or its contents or reliance on the information contained herein, except to the extent this would be prohibited by law or regulation.