By Odhiambo David | odhisdavid59@gmail.com
Amidst the rising cases of cybercrime threats propelled by Artificial Intelligence (AI), experts call for innovative solutions to safeguard businesses and individuals alike.
This warning comes in the wake of Trend Micro’s detection of over 1.8 million malware instances targeted at Kenyan businesses and consumers last year.
Zaheer Ebrahim, Solutions Architect, Middle East and Africa at Trend Micro, said that, “the speed and scalability of AI are amplifying the sophistication of social engineering techniques, enabling cybercriminals to efficiently exploit vast datasets for their malicious intents. To counter these threats, defenders must comprehend the evolving nature of the challenges and adapt their security strategies accordingly.”
Before the advent of generative AI, cybercriminals primarily relied on two phishing strategies: mass-blasting a multitude of targets or meticulously targeting specific individuals, known as ‘harpoon phishing’ or ‘whale phishing.’ However, the emergence of generative AI is blurring these distinctions, facilitating targeted, error-free, and tonally convincing messages on a mass scale across multiple languages. This evolution extends beyond emails and texts, now encompassing persuasive audio and video ‘deepfakes,’ posing even more profound threats to businesses.
Consider a scenario where a company mandates live voice authorization for transactions exceeding a million dollars. An attacker could send an authentic-looking email request with a tampered phone number and answer the confirmation call using a deepfaked voice, thereby validating the fraudulent transaction.
Trend Micro experts anticipate a surge in nefarious large language model (LLM) development efforts in 2024, accompanied by the proliferation of new tools for malware authorship and reconnaissance. This trend might give rise to a novel cybercriminal service called ‘reconnaissance as a service’ (ReconaaS), wherein AI is leveraged to extract valuable personal information from stolen data, subsequently sold to enable ultra-targeted attacks.
Criminals are also directing their efforts towards compromising AI applications themselves. Initially, malicious prompts were injected into AI systems, but recent trends indicate a shift towards hijacking and jailbreaking apps, signaling heightened criminal interest in these tactics.
In response to the AI-enabled escalation of cybercrime, Trend Micro advocates for a combination of zero-trust approaches and AI-powered security measures. Zero trust mandates continual verification of identities, limiting access to sensitive information and processes to authorized entities only. This, coupled with AI-driven sentiment analysis and web page evaluation, fortifies defenses against sophisticated phishing attempts.
“Over the next year, local businesses should brace themselves for cybercriminals leveraging AI in unprecedented ways. Nevertheless, defenders can leverage technology to their advantage by amalgamating AI with zero-trust security frameworks and fostering a robust security culture,” concludes Ebrahim.
Trend Micro is a global cybersecurity leader that helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, its cybersecurity platform protects 500,000+ organizations and 250+ million individuals across clouds, networks, devices, and endpoints.