AI-assisted cyberattacks on the rise

The widespread availability and improved quality of generative AI combined with Generative Adversarial Networks (GANs) to generate realistic photo, audio and video content will have a lasting impact on the phishing landscape in 2024. Trend Micro predicts a new wave of Business Email Compromise (BEC), Virtual Kidnapping and other scams - triggered by the cost-effective creation of such content.

With lucrative profit prospects, threat actors for such campaigns either use legal AI tools with stolen credentials and VPNs to hide their identities or develop their own malicious generative AI tools. But AI models themselves will also come under attack in 2024: While the data sets of generative AI and LLMs (Large Language Models) are difficult for threat actors to influence, specialized cloud-based machine learning models represent an attractive target. They are trained with more specific data sets and can fall victim to data poisoning attacks - from exfiltrating sensitive data to disrupting fraud filters and even interfering with connected vehicles. Such attacks already cost actors less than 100 US dollars today.

"Advanced LLMs that speak any language pose a significant threat as they avoid common clues for phishing attacks, such as unusual formatting or grammatical errors. This makes it more difficult to detect such attacks," reports Udo Schneider, IoT Security Evangelist Europe at Trend Micro. "Companies must therefore adapt their existing phishing training and also introduce modern technical protection measures. Advanced defenses not only outperform human detection capabilities, but also ensure resilience against these attack tactics."

Such security developments may in turn lead to increased scrutiny by regulators and also prompt the technology industry to take matters into its own hands: "In the coming year, the cyber industry will overtake legislators in the development of cybersecurity-specific AI guidelines. The industry is quickly moving towards voluntary self-regulation," continues Udo Schneider.

The Japanese security expert Trend Micro also names other developments that IT security managers should pay particular attention to in 2024: 

• An increase in cloud-native worm attacks that target vulnerabilities and misconfigurations and use a high degree of automation to compromise containers, accounts and services with minimal effort.
• Cloud security will be crucial for companies to close security gaps in cloud environments. The vulnerability of cloud-native applications to automated attacks must be emphasized. Proactive measures, including robust defense mechanisms and thorough security audits, are essential to mitigate risks.
• Attacks on private blockchains are increasing due to vulnerabilities in the implementation of a number of private blockchains. Threat actors could use access rights to modify, override or delete entries and then demand a ransom. Alternatively, if they manage to gain control of enough nodes, they could encrypt the entire blockchain.
• Increasing supply chain attacks are targeting not only open source software components within it, but also identity management tools, such as telco SIMs, which are critical to fleet and inventory systems. Cybercriminals are also exploiting vendor software supply chains via CI/CD systems, with a particular focus on third-party components.

The security of supply chains also plays an important role in the new European NIS2 directive, which will affect companies in the coming year, as Richard Werner, Business Consultant at Trend Micro, explains:

"As soon as NIS2 has been transposed into national law - by October 2024 at the latest - there will initially be a 'fight and flight' as to who falls under it. Companies will initially try to evade the stricter regulation. However, the obligation for those affected to also include their supply chains will have the opposite effect, particularly for suppliers and logistics providers. They will align their IT security architectures with the new requirements in order to be able to offer their customers a specific advantage in international competition. On the one hand, it is sad that we first need new legal requirements to make the danger of supply chain attacks clear. On the other hand, however, it is positive to see that the legislator is responding to a clear threat with clear rules."

Source: www.trendmicro.com