Artificial intelligence (AI) and machine learning have become key tools in the cat and mouse game of cybersecurity and cyber attacks, according to a report from cybersecurity firm ReliaQuest.
The ReliaQuest Annual Threat Report explains that bad actors are using AI to “supercharge” social engineering, which it says is the main exploit against organizations.
Phishing is used in 71% of attacks. AI is a key tool in creating these attacks. One new variant is QR code phishing, which ReliaQuest says increased 51% in 2023 compared to the last eight months of 2022. AI and machine learning also are used in “drive-by attacks” that require no action by victims and fake automatic updates to web browsers.
It’s an organized push, according to the report. There is evidence that participants in the major cybercriminal forums now discuss AI as a tool in developing alternative chatbots such as FraudGPT and WormGPT and “hint at the development of simple malware and distributed denial of service (DDoS) queries using these options,” stated a press release about the findings.
AI can create potent tools because it can replicate voices using a sample and video-call deep fakes, the report notes. Another avenue for AI and machine learning to help bad actors is automation. The report points to The Citrix Bleed exploitation as an example of this approach.
Security forces are not helpless, however. AI also can be used to combat AI-enabled cyber attacks.
A survey of ReliaQuest customers found that those that used AI-enabled automated workflows were able to reduce the time to resolve threats drastically. Those customers that did not use AI-enabled automated workflows took an average of 2.3 days to respond to threats, but for those customers that used some level of AI and automation, the average was 58 minutes. And for customers that “fully leveraged” AI and automation, the average was seven minutes.
“As the threat continues to evolve, defenders must stay agile, using AI and automation to keep pace with the latest attack techniques,” Michael McPherson, ReliaQuest’s senior vice president of technical operations, said in a press release. “Time is the enemy in cybersecurity.
“To proactively protect against these risks, companies should maximize visibility across their networks and beyond the endpoint, fully leverage AI and automation to better understand and use their own data, and equip their teams with the latest threat intelligence.”
Last year, the security company found that financial theft was the target of 88% of attacks and extortion activity rose by 74%.
Broadband providers are realizing the role that AI can play in cybersecurity. For example, Comcast acquired an AI cybersecurity firm to boost capabilities in that area.
