Cybercriminals leverage AI to carry out more effective attacks
Cybercriminals have found a new way to improve their attacks: artificial intelligence (AI). By using generative AI, they can make their attacks more credible and sophisticated. This practice is rapidly spreading across the world of cybercrime, affecting areas such as phishing, ransomware, scams and even presidential scams.
AI makes cybercriminals more efficient and credible
According to Jean-Jacques Latour, director of cybersecurity expertise at Cybermalveillance.gouv.fr, AI is becoming more popular among cybercriminals and giving them a considerable advantage. The methods used by these criminals remain the same, but their volume of attacks and their ability to persuade increases significantly.
More sophisticated phishing attacks with generative AI
Phishing, which involves sending fraudulent emails promising gifts or discounts, is becoming increasingly sophisticated. Scammers use AI to avoid syntax or spelling errors, adapting their language and context to convince users to click on questionable links or sites.
Generative AI Used to Create Custom Malware
Generative AI can be misused to create custom malware that exploits known vulnerabilities in computer programs. Programs such as ThreatGPT, WormGPT, and FraudGPT are growing on the Darknet and gaining popularity among malicious actors.
AI used to maximize hacker profits
Hackers also use AI to sort and exploit large amounts of data after infiltrating a computer system. This allows them to maximize their profits by targeting the most relevant information.
AI and the presidential scam
AI is also being used in the presidential scam, where hackers collect information on company executives to authorize fraudulent transfers. Thanks to “deepfake” audio generators, they can even perfectly imitate the voices of managers to give transfer orders.
AI used in ransomware and vishing
Businesses and hospitals are facing ransomware attacks that are already using AI to modify their code and evade detection by security tools. Additionally, the technique of vishing, where a fake banker requests a money transfer, could also be improved using AI.
AI-generated synthetic content used to deceive and extort
British police have previously reported cases where synthetic AI-generated content has been used to deceive, harass or extort victims. Although the first cases in France have not been officially recorded, there are doubts about the use of AI by criminals.
The “zero trust” rule to counter new threats
Faced with these new threats, it is essential not to trust any a priori element when it comes to cybersecurity and AI. The most active hackers are generally well-organized networks from Eastern Europe, but state hackers from fringe countries should not be overlooked.
Conclusion
AI-powered cybercrime poses a growing threat. Cybercriminals are increasingly using AI to improve their techniques and carry out more credible attacks. It is essential to remain vigilant and put appropriate protective measures in place to counter these threats.