Artificial Intelligence (AI) is highly innovative but also poses significant risks to all organisations, as shown by the recent high profile hacks at Ticketmaster, Santander and the NHS. This article will delve into how AI can be manipulated by cyber attackers for scams, particularly ones that affect businesses.
The latest threats from AI you should be concerned about
The NCSC recognised that AI will play as a contributing factor to how cyber-attacks operate, and said ‘AI provides capability uplift in reconnaissance and social engineering, almost certainly making both more effective, efficient, and harder to detect’, further proving that AI is a threat to businesses when it comes to cyber security. (NCSC, 2024) Below are some of AI assisted cyber-attacks you should be aware of.
- AI-Enhanced Phishing Emails/Messages: Cybercriminals use AI to create deceptive messages that appear to come from trusted sources, tricking the receiver(s) into revealing sensitive information.
- AI Voice Phishing: This method involves AI-generated voice calls that can convincingly mimic known contacts, enhancing the deception, making it more easier for cyber attackers to get victims to trust them.
- AI Enhanced Malware Development: Cybercriminals use AI to create sophisticated malware that can evade detection by altering its code with each execution.
To help raise awareness of these threats within your business the NCSC back Cyber Essentials Certification. This would provide a set of basic security recommendations that businesses can implement to reduce the risk of cyberattacks.
What is AI Voice Scamming?
One of the newer technologies that is being utilised by Cyber Attackers is AI Voice technology, which replicates human voices through audio output. Though its entertaining uses for personal use, it also serves as a tool for cyber criminals who exploit it to commit fraud. Utilising the ability to train voice models from people’s voices, cyber criminals are able to easily exploit this new AI tool to commit fraud, by tricking victims into believing that the person they’re talking to is who they’re impersonating.
Why are Businesses Still Ignoring Cyber Security:
Many businesses still underestimate the critical importance of cybersecurity, even with the increasing dependency on it. (BBC, n.d.) The reason for this often lies with the cost of setting up cybersecurity, and the time to train staff with it. Businesses often get dissuaded due to these initial costs but fail to recognise that the cost of dealing with recovering from a cyber-attack far exceeds that of the initial investment of getting cyber security. With the advancements of AI adding to the sophistication of these cyber-attacks and scams, it is important that businesses are ready. According to a report from Cifas, an anti-fraud organisation, AI tools being used to try and trick bank systems increased by 84% in 2022. (Financial Times, n.d.)
AI’s evolution, while beneficial for many aspects of business and personal use, significantly increases the potential for cyber-attacks. The recent prevalence of AI Voice scamming and other AI-driven threats necessitates the need for efficient and strong cybersecurity measures. Businesses must adopt proactive defences and continuous monitoring to protect themselves, and to prevent the need to spend on a cyber-attack recovery. As AI technology evolves, so too must our security strategies to ensure AI remains a beneficial tool rather than a threat.
References
BBC, n.d. BBC. [Online]
Available at: https://www.bbc.com/news/articles/c988v355e8do
BBC Content Reference:
Financial Times, n.d. Financial Times. [Online]
Available at: https://www.ft.com/content/beea7f8a-2fa9-4b63-a542-88be231b0266
NCSC, 2024. NCSC. [Online]
Available at: https://www.ncsc.gov.uk/report/impact-of-ai-on-cyber-threat
[Accessed 2024].
NOTE: To access Financial Times without paying: https://archive.is/gFkX4#selection-2335.1-2343.305