Are cyber-criminals using AI to get smarter?
05 October 2023
Please note: All data referenced in this article is sourced from Bloomberg unless otherwise stated, and is accurate at the time of publishing.
Artificial intelligence (AI) is rapidly transforming the world we live in, but it also has the potential to be used for malicious purposes. In the following article, we explore the emerging trend of AI-powered cyber-crime and ask whether the risks are more science fiction-based than reality. We also offer some useful reminders on what we can do to stay safe online.
It could be the hackers using AI to write compelling, hyper-targeted and hyper-believable phishing emails that not only impersonate trusted sources but also remove the glaring grammatical and spelling errors.
Or it’s the AI-powered malware going beyond the usual methods of attack – making it increasingly difficult to detect, and designed to constantly change in an attempt to bypass conventional security systems and firewalls. Either way, the risks posed by the emergence of AI continue to evolve and grow.
While these AI-based cyber threats are thankfully more theoretical than imminent at present, they’re a concern nonetheless – and something that should be taken seriously.
“Although the AI-driven cyber threat is still relatively small, it could become much more dangerous in the future as the cyber-criminals learn how to exploit AI more effectively,” says Matt Lane, Director and Co-Founder of XCyber, a cyber security firm that offers state-grade services to its clients.
“One of the main risks is that AI can automate tasks at a scale that was previously impossible, allowing hackers to find new vulnerabilities in systems, as well as creating highly targeted phishing emails.”
AI: the next frontier?
Even today, AI can be used by hackers as a powerful tool to access your network, private life, emails or office setup.
A recent report by Check Point Research uncovered an unsettling 8% surge in weekly global cyber-attacks in the second quarter of this year, putting the increase down to the emergence of next-generation AI technologies1.
And while it’s hard to know what the future may hold, practising good basic cyber hygiene remains the best way to protect against threats – AI or otherwise. This includes:
- Being careful about what emails you open and what links you click on
- Keeping your software up to date (as this will help protect you from known vulnerabilities)
- Using a strong password manager to create and store unique passwords for all your accounts
- Enabling two-factor authorisations on all your accounts whenever possible, to add an extra layer of security
“Cyber-crime is becoming ever-more sophisticated, so it’s important to be vigilant,” says Hannah Rodden, Fraud Awareness Manager at Barclays. “This means staying informed about the latest threats, using strong passwords and security measures, and being careful about what you share online.”
For more top tips on staying safe online, read our earlier article on the Five must-know cyber threats.
Changing landscape
Cyber-criminals are also thought to be developing and deploying AI-powered web crawlers – used to sift the internet in search of spying and spamming opportunities.
Many high-net-worth individuals tend to have a strong online presence (which can, of course, help you stand out from the competition), but this can sometimes be a double-edged sword. It’s important therefore to be aware of your digital footprint so you can try to control what you leave online for others to find.
“Cyber-criminals can target anyone, regardless of how careful they are online,” warns Lane at XCyber.
“Even today, criminals can create a detailed profile of you from the information that's already publicly available online – this can come from a variety of sources, including your own social media accounts, data breaches, and even news articles.”
Lane adds: “Cyber-criminals are constantly on the lookout for new ways to commit fraud with the least amount of effort and resources. And high-net-worth individuals often fit that bill – especially as they are seen as high-value targets without the same level of security as corporations.”
Defending against attacks
But don’t panic. An AI takeover is far from imminent.
For one, the threat may be overblown amid so many unknowns about this fast-changing space. And it’s also important to remember that while the cyber-criminals will always try to exploit new technologies for malicious purposes, “good” AI has the potential to outweigh the “bad”.
“If you keep your cyber defences strong, you can reduce the risk of falling foul to even the most sophisticated cyber hackers,” says Lane at XCyber.
“And who’s to say that AI won’t come up with solutions to collectively improve our cyber security, significantly outweighing any risks?”