Darkreading.com reported that “One trend we’ve seen in recent years is a rise of “as-a-service” offerings. Early hackers were tinkerers and mischief-makers, tricking phone systems or causing chaos mostly as an exercise in fun. This has fundamentally changed. Threat actors are professional and often sell their products for others to use.” The July 5, 2023 article entitled “A Golden Age of AI … or Security Threats?” (https://www.darkreading.com/vulnerabilities-threats/a-golden-age-of-ai-or-security-threats-) Included these comments:
AI will fit very nicely into this way of working. Able to create code to tackle specific problems, AI can amend code to target vulnerabilities or take existing code and change it, so it’s not so easily detected by security measures looking for specific patterns.
But the possibilities for AI’s misuse doesn’t stop there. Many phishing emails are detected by effective filtering tools and end up in junk folders. Those that do make it to the inbox are often very obviously scams, written so badly they’re borderline incomprehensible. But AI could break this pattern, creating thousands of plausible emails that can evade detection and be well-written enough to fool both filters and end users.
Spear-phishing, the more targeted form of this attack, could also be revolutionized by this tech. Sure, it’s easy to ignore an email from your boss asking you to wire cash or urgently buy gift cards — cybersecurity training helps employees avoid this sort of scam. But what about a deep-fake phone call or video chat? AI has the potential to take broadcast appearances and podcasts and turn them into a convincing simulacrum, something far harder to ignore.
Interesting time, so watch out!