While ransomware activity is already surging, a new National Cyber Security Centre report assessed that the threat will only increase globally over the next year as AI improves phishing and other threat actor techniques.
The report is based on an NCSC assessment that combines classified intelligence, industry knowledge, academic material and open source data from the U.K. government as well as international partners.
The report, which informs U.K. government policies, determined that AI tools could help attackers develop malware and exploits more efficiently and carry out more effective phishing campaigns.
Improvements generated through AI could increase risks across the threat landscape, though the report highlighted ransomware, which is already a persistent problem.
The number of ransomware attacks skyrocketed last year.
A threat report by NCC Group tracked an 84% increase between 2022 and 2023.
The NCSC predicted that by 2025, generative AI and large language models would make it more difficult for cybersecurity professionals of all levels to identify phishing emails and social engineering attempts that, for example, call for password resets.
While other vendors such as Splunk found that those tools don't improve the efficacy of spear phishing emails, the NCSC assessed that GenAI would make it easier for threat actors to craft emails with fewer grammar and spelling mistakes.
While AI might contribute to more advanced phishing attacks and therefore an increase in ransomware, the NCSC said it could also widen the pool of capable threat actors that conduct ransomware attacks.
One factor that contributed to an increase in ransomware activity over the years was the as-a-service business model.
Ransomware as a service expanded the threat because affiliates do not need coding experience; they can instead purchase ransomware programs from different gangs, which in turn take a percentage of whatever ransom payments the affiliates receive.
The report assessed that as-a-service business models will continue to benefit amateur or less skilled threat actors in a variety of ways in addition to ransomware.
That could include GenAI as a service, which the NCSC said could already be in development.
Another prominent risk addressed in the report was how quickly threat actors are exploiting software vulnerabilities.
The time between patch releases and exploitation has already decreased, the report warned, and AI will only exacerbate the problem.
Another positive outlook from the agency was how AI can improve threat detection capabilities and help identify phishing campaigns for defenders.
Nitin Natarajan, deputy director at CISA, told TechTarget Editorial that while AI could make it easier for ransomware actors, he also sees some positive outcomes and benefits that organizations including CISA can add to their repertoire.
He agreed with the NCSC that the technology could improve phishing emails and malicious coding capabilities, which would create new risks for organizations, especially those that already struggle with identifying malicious messages.
Tamara Chacon, security strategist at Splunk, said AI tools will increase the speed at which phishing content is created, but the quality of that content is another matter.
Arielle Waldman is a Boston-based reporter covering enterprise security news.
This Cyber News was published on www.techtarget.com. Publication date: Wed, 24 Jan 2024 22:43:05 +0000