OurCoders (我们程序员)

2025-02-11 06:02:09
Top 5 ways attackers use generative AI to exploit your systems Cybercriminals are leveraging generative AI technologies to enhance the sophistication and efficiency of their attacks, including phishing, malware development, vulnerability hunting, and authentication bypass. This滥用生成式AI进行网络犯罪使得技术门槛降低，提高了钓鱼邮件的欺骗性，并加速了漏洞利用的速度。同时，犯罪分子正转向中国的新AI模型（如DeepSeek和Qwen）以及开发自己的大型语言模型来生成恶意内容，进一步加剧了网络安全威胁。为应对这些挑战，企业需要采用更先进的安全措施并利用人工智能技术进行防御。 Cybercriminals are increasingly exploiting gen AI technologies to enhance the sophistication and efficiency of their attacks. Artificial intelligence is revolutionizing the technology industry and this is equally true for the cybercrime ecosystem, as cybercriminals are increasingly leveraging generative AI to improve their tactics, techniques, and procedures and deliver faster, stronger, and sneakier attacks. But as with legitimate use of emerging AI tools, abuse of generative AI for nefarious ends isnât so much about the novel and unseen as it is about productivity and efficiency, lowering the barrier to entry, and offloading automatable tasks in favor of higher-order thinking on the part of the humans involved. âAI doesnât necessarily result in new types of cybercrimes, and instead enables the means to accelerate or scale existing crimes we are familiar with, as well as introduce new threat vectors,â Dr. Peter Garraghan, CEO/CTO of AI security testing vendor Mindgard and a professor at the UKâs Lancaster University, tells CSO. Garraghan continues: âIf a legitimate user can find utility in using AI to automate their tasks, capture complex patterns, lower the barrier of technical entry, reduced costs, and generate new content, why wouldnât a criminal do the same?â Here is a look at various ways cybercriminals are putting gen AI to use in exploiting enterprise systems today. Taking phishing to the next level Gen AI enables the creation of highly convincing phishing emails , greatly increasingly the likelihood of prospective marks giving over sensitive information to scam sites or downloading malware. Instead of sending a reasonably generic and unconvincing email, often with grammatical and formatting inconsistencies and errors, the use of AI enables cybercriminals to quickly generate more sophisticated and legitimate-looking emails, with the potential for greater personalization to target the recipient. Gen AI tools help criminals pull together different sources of data to enrich their campaigns â whether this is group social profiling, or targeted information gleaned from social media. âAI can be used to quickly learn what types of emails are being rejected or opened, and in turn modify its approach to increase phishing success rate,â Mindgardâs Garraghan explains. As phishing attacks branch out in kind , AI-generated audio and video deepfakes can be used as part of more sophisticated social engineering attacks. In the most high-profile example to date, a finance worker at design and engineering company Arup was tricked into authorizing a fraudulent HK$200 million ($25.6 million) transaction after attending a videoconference call during which fraudsters used deepfake technology to impersonate its UK-based chief finance officer. Facilitating malware development Artificial intelligence can also be used to generate more sophisticated or at least less labour-intensive malware. For example, cybercriminals are using gen AI to create malicious HTML documents. The XWorm attack, initiated by HTML smuggling, which contains malicious code that downloads and runs the malware, bears the hallmarks of development via AI. âThe loaderâs detailed line-by-line description suggesting it was crafted using generative AI,â according to the latest edition of HP Wolf Securityâs Threat Insights Report . In addition, the âdesign of the HTML webpage delivering XWorm is almost visually identical as the output from ChatGPT 4o after prompting the LLM to generate an HTML page that offers a file download,â HP Wolf Security adds. Similar techniques were in play with the earlier AsyncRAT campaign, according to HPâs enterprise security division. Elsewhere, ransomware group FunkSec â an Algeria-linked ransomware-as-a-service (RaaS) operator that takes advantage of double-extortion tactics â has begun harnessing AI technologies, according to Check Point Research. âFunkSec operators appear to use AI-assisted malware development, which can enable even inexperienced actors to quickly produce and refine advanced tools,â Check Point researchers wrote in a blog post . Accelerating vulnerability hunting and exploits The traditionally difficult task of analyzing systems for vulnerabilities and developing exploits can be simplified through use of gen AI technologies. âInstead of a black hat hacker spending the time to probe and perform reconnaissance against a system perimeter, an AI agent can be tasked to do this automatically,â Mingardâs Garraghan says. Gen AI may be behind a 62% reduction in the time between a vulnerability being discovered and its exploitation by attackers from 47 days to just 18 days, according to a recent study by threat intelligence firm ReliaQuest . âThis sharp decrease strongly indicates that a major technological advancement â likely GenAI â is enabling threat actors to exploit vulnerabilities at unprecedented speeds,â ReliaQuest writes. Adversaries are leveraging gen AI alongside pen-testing tools to write scripts for tasks such as network scanning, privilege escalation, and payload customization. AI is also likely being used by cybercriminals to analyze scan results and suggest optimal exploits, effectively allowing them to identify flaws in victim systems faster. âThese advances accelerate many phases in the kill chain, particularly initial access,â ReliaQuest concludes. CSOâs Lucian Constantin offers a deeper look at how generative AI tools are transforming the cyber threat landscape by democratizing vulnerability hunting for for pen-testers and attackers alike. Escalating threats with alternative platforms Cybercriminals are rapidly shifting from ChatGPT to new AI models from China â DeepSeek and Qwen â to generate malicious content. âThreat actors are openly sharing techniques to jailbreak these models, bypass security controls, and create malware, info-stealers, and spam campaigns with minimal restrictions,â according to Check Point Research. âSome are even discussing how to use these AI tools to evade banking anti-fraud protections â a significant escalation in cyber threats.â âMultiple discussions and shared techniques on using DeepSeek to bypass banking system anti-fraud protections have been found, indicating the potential for significant financial theft,â Check Point warns in a technical blog post . China-based AI company DeepSeek , whose recent entry has sent shockwaves through the industry , is weakly protected against abuse compared to its Western counterparts. Check Point Research explains: âWhile ChatGPT has invested substantially in anti-abuse provisions over the last two years, these newer models appear to offer little resistance to misuse, thereby attracting a surge of interest from different levels of attackers, especially the low skilled ones â individuals who exploit existing scripts or tools without a deep understanding of the underlying technology.â Cybercriminals have also begun developing their own large language models (LLMs) â such as WormGPT , FraudGPT, DarkBERT, and others â built without the guardrails that constrain criminalsâ misuse of mainstream gen AI platforms. These platforms are commonly harnessed for applications such as phishing and malware generation. Moreover, mainstream LLMs can also be customized for targeted use. Security researcher Chris Kubecka recently shared with CSO how her custom version of ChatGPT, called Zero Day GPT, helped her identify more than 20 zero-days in a matter of months. Breaking in with authentication bypass Gen AI tools can also be abused to bypass security defences such as CAPTCHAs or biometric authentication. âAI can defeat CAPTCHA systems and analyze voice biometrics to compromise authentication,â according to cybersecurity vendor Dispersive. âThis capability underscores the need for organizations to adopt more advanced, layered security measures.â Countermeasures Collectively the misuse of GenAI tools is making it easier for less skilled cybercriminals to earn a dishonest living. Defending against the attack vector challenges security professionals to harness the power of artificial intelligence more effectively than attackers. âCriminal misuse of AI technologies is driving the necessity to test, detect, and respond to these threats, in which AI is also being leveraged to combat cybercriminal activity,â Mindgardâs Garraghan says. In a blog post, Lawrence Pingree, VP of technical marketing at Dispersive, outlines preemptive cyber defenses that security professionals can take to win what he describes as an âAI ARMS (Automation, Reconnaissance, and Misinformation) raceâ between attackers and defenders. âRelying on traditional detection and response mechanisms is no longer sufficient,â Pingree warns. Alongside employee education and awareness programs, enterprises should be using AI to detect and neutralize generative AI-based threats in real-time. Randomization and preemptive changes to IP addresses, system configurations, and so on, can act as an obstacle to attack. Leveraging AI to simulate potential attack scenarios and predict adversary behavior through threat simulation and predictive intelligence also offers increased resilience against potential attacks. SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below.

全部新闻