Login | April 28, 2024
UK National Cyber Security Centre assess near-future AI-based cybercrime
RICHARD WEINER
Technology for Lawyers
Published: March 15, 2024
The UK government’s National Cyber Security Centre, the equivalent of the US’s CISA (with elements of the FBI and CIA thrown in) has released a brief assessment of potential AI-based cyber criminal activity in the next year or two.
Whilst not surprising, it is a good overview and it has a lot of interesting and useful information in a small space. And it hits the same for the US and everywhere else on the planet.
The report begins by noting that, to the extent that AI might aid cyber attacks, the technology also presents the same level of opportunity for cyber defenders.
For example, it says, “AI can improve the detection and triage of cyber attacks and identify malicious emails and phishing campaigns, ultimately making them easier to counteract.”
Under “key judgments,” the report lists a number of predictions for 2024-25, including that AI will almost certainly increase the volume and heighten the impact of cyber attacks; that the AI used in these attacks will evolve beyond what currently exists, including capability uplift in reconnaissance and social engineering (making phishing friendlier); these uplifted qualities will probably only be available to threat actors who have access to greater training and development resources (implying state actors or large criminal enterprises) but, at the same time, AI lowers the entry bar for nascent criminal types, and will make their data analyses faster and easier. Overall, the global ransomware threat will increase.
The report goes on to state that, overall, a growing sophistication of AI development will make it increasingly difficult to tell whether a given email or other communication is legitimate or not.
Note: There are always certain tells that indicate if some writing or other was artificially generated, but you have to be trained in discerning what is which.
It’s a little easier in a visual construction (six fingers, three arms, horrible shading, etc.), and, if you can train yourself, you can tell AI in writing.
But it’s not easy.
Probably that must be a question to ask a cyber defense company: Are you trained to distinguish AI in an email?
Right now, the answer would probably almost always be “no.” But they’ll get the idea if you all keep asking that question.
At any rate, yes, things are going to get worse. Prepare yourselves!