In the age of AI, it was just a matter of time that hackers will apply this powerful tool to do their dirty deeds.
From convincing phishing emails to scanning weaknesses in corporate networks ninja style, AI has become a valuable tool for hackers.
The sophistication of hacking has elevated every year, fooling employees into clicking into an email thinking it’s from their company’s CEO.
Now, hackers have entered hacking into the phone system.
A recent hacking case where hackers used computer generated “deep fake” voices to scam companies out of millions.
Someone pretending to be a company’s CEO called an employee in the finance department and ordered an urgent wire for $10 million USD. The CEO (computer generated) says on the phone, “it’s the end of our quarter, we need a wire transfer to go out within the next hour. It’s critical. We have to pay this supplier and it has to happen before the quarter closes.”
In this case, the company had protocols and checks and balances in place, and the employee had to get someone else to sign off on the transfer.
“She convinced a colleague, “I spoke with the CEO, what else do you need?”
Executives often make public appearances, creating plenty of materials for hackers to seize and replicate voices. And if the potential loot is several million dollars, what would stop hackers from calling executives on some pretext and engaging them in conversation to get a recording?
With most employees working remotely, there are fewer chances of employees walking down the hall to ask about an unusual request.
Malicious activities such as password reset, turn off security measures, phishing emails are all up since 2020.
Ransomware has also escalated. Cyber criminals are also using AI to target their victims to see responses of the firewalls and find open ports that have been overlooked by the security team. Some attacks are obviously powered by AI because of their sophistication.
Hackers are also using AI and machine learning to automate attacks against enterprise networks by creating malware that is smart enough to hunt for vulnerabilities and decide which payload to deploy to take advantage of the opportunity. Attacks today are laser focused rather than taking the usual laying dormant approach.
Although the AI-fueled security war is still in with the good guys, the power may soon shift.
The same AI technology used to power speech recognition, self-driving cars and fake videos have the potential to be used for other tools such as malicious viruses. Viruses that would be hard to distinguish from what’s real and what isn’t and intelligently going after data center’s entire perimeter to find the smallest vulnerabilities and use it to burrow itself and wait.
Hackers can get into a system, observe networks, user behaviour and customize their command codes in a way that mimics the creativity and the flexibility of a person. They will be able to replicate more sophisticated methods without any interaction and make it harder for cyber security defenders.
Being vigilant with a zero-trust approach for detecting malicious software is necessary in today’s environment. AI related systems are becoming more present in the global economy and in the underground criminal world.
