AI helps both hackers and those who fight them – but in addition to sophisticated security solutions, it also requires users to be prudent and informed.
Cyber criminals are increasingly making use of artificial intelligence (AI). While the main techniques of cybercrime remain similar, AI is increasing the scale and speed of cyber attacks. In the area of phishing in particular, AI has enabled very sophisticated attacks that are difficult to identify, according to Erik Hren and Jernej Galjanič, Cybersecurity Analysts from NIL, part of Conscia.
Fake calls from directors and fake recordings from politicians
Using language models such as ChatGPT, attackers can phish in any language to create persuasive messages without grammatical errors. AI also allows phishing to be enhanced with deepfake technologies to increase the persuasiveness of fake video or audio messages. Erik Hren mentions one of the more famous cases of a British energy company where fraudsters created a voice clone of their CEO who “instructed” employees to wire them (the criminals) $243,000.
Unexpected requests for quick money transfers or information sharing are the most common elements of successful cyber-attacks. Language models and deep forgeries allow attackers to create more sophisticated malicious code that can dynamically change and evade standard detection, according to the experts.
Scammers have also used doctored videos to appeal to the masses, including false statements by celebrities such as Tom Cruise or the late British Queen, and on LinkedIn, some influencers have solicited users to buy software, while political disinformation is also common. Deepfake technology with fake videos of political leaders and their statements can manipulate public opinion and also cause considerable confusion or influence election results. For example, fake videos have also been used in the Russian-Ukrainian war. In one, the Ukrainian President called on citizens to lay down their arms, while in another, the Russian President announced the cessation of the war or peace between the two countries.
Be sceptical about everything you see or hear online
Here are some of the most important steps you can take to protect yourself from cyber threats by the advice from Jernej Galjanič. You should pay attention to any messages that seem suspicious or unusual, including unusual requests or strangely worded content. “Always check the authenticity of the information, as AI can create very convincing fakes,” says Galjanič, adding that there are tools to check AI-generated content, but they are not always 100 percent accurate.
Galjanič further advises to:
update all security systems regularly,
be careful when posting personal information online, as an attacker may be able to glean useful information from images or posts,
keep passwords strong,
use two-factor authentication,
always make backup copies of important data,
be restrained when responding to unsolicited or suspicious communications,
check privacy settings on social networks and limit access to your personal data,
be careful when agreeing to the terms and conditions of data processing.
“Businesses should have cybersecurity experts and invest in advanced threat detection tools. Smaller companies can hire external experts to advise them, while larger ones should consider setting up their own security operations center to continuously monitor and analyze developments in the IT environment, identify anomalies in operations and potentially dangerous attempted attacks or actual security incidents,” Galjanič advises.
On the other hand, AI also brings positive changes, allowing security analysts to identify and respond to cyber threats more quickly and efficiently. “AI technology can play a key role in detecting and preventing cyber attacks,” says Erik Hren. AI is able to identify unusual patterns of behavior that could indicate a cyber attack, filter dangerous emails and even predict potential threats.
“While there is no such thing as 100% security, a rapid response in the event of an attempted or actual attack on the IT environment is very important,” Hren stresses. He says it is very important to spread knowledge about cyber security within companies and among individuals, and to integrate AI-based solutions into security systems.
Although the threat data in the digital world can seem frightening, it need not make us live in a constant state of panic. “It is essential to be aware of these threats and take appropriate action,” according to cyber security analysts Erik Hren and Jernej Galjanič.
The main weapons are information and prudence
“It is important to be aware of both the potential and the risks of AI in the world of cyber security. Through awareness, education and the use of advanced solutions, we can create a safer digital environment where the benefits of AI are used to protect, not to harm,” stresses Hren. He adds that according to global surveys, 71% of people do not know what deepfakes actually are, 57% of those who do know what they are believe they would be able to identify a deepfake, and 43% admit they would not be able to tell the difference between a real and a fake video. This is still a very (too) high proportion, according to Hren.
Cybersecurity is not just about using sophisticated security tools, but also about being prudent, informed and vigilant in our daily use of the Internet.