The United States government recently announced a hacking challenge for cybersecurity experts to protect critical infrastructure with AI. Called the AI Cyber Challenge, this initiative aims to explore the ways new technologies can help address cyber risks in response to the rise of new threats.
Conventional cybersecurity is no longer enough to fend off attacks from threat actors armed with more sophisticated tactics and an unyielding belligerent aided by new technologies like AI. It makes sense for governments and institutions to step up in addressing modern threats, leveraging collaboration to examine adversarial actions through different perspectives.
Given this effort to anticipate future attacks, here’s a look at three of the new cyber threats or attacks that are expected to reshape the cybersecurity landscape in the years ahead.
AI-assisted cyber attacks
As implied, AI is set to play a major role in the cybersecurity predicament everyone will inevitably have to face. The advancement of generative artificial intelligence, in particular, has armed bad actors with a formidable tool that allows them to expand their capabilities and reach in terrorizing the digital world.
Generative AI like ChatGPT and Bard are capable of writing code, which means they can generate malicious software on the fly. The creators of these technologies have instituted safeguards to prevent cyber criminals from rapidly churning out malware, but there are still loopholes bad actors can exploit. Plus, ChatGPT and Bard are not the only generative AI technologies available. Organized cybercrime groups and state-sanctioned cybercriminals may even come up with their own generative AI based on existing models.
Another way by which AI helps cybercriminals is through deepfakes. AI is already capable of creating fake videos that can be used to spread false information, create public hysteria or panic, and stir dysfunction in organizations or governments. There are fears that deepfakes will be widely used to influence elections. Governments are aware of the threat but there are still no effective solutions against it. Existing deepfake detection tools leave much to be desired in terms of accuracy and efficiency.
Concerning deepfakes, the rise of voice cloning or voice synthesis technology is also aggravating the current cybersecurity situation. Cloned voices can serve as tools for scammers who impersonate family members or colleagues to deceive unsuspecting victims into transferring funds or sending sensitive information to the perpetrator.
Moreover, AI can be used to automate various cyber attack tasks, from reconnaissance to vulnerability analysis and the development of new attack tactics. Advanced persistent threats (APTs) can employ AI algorithms to analyze business networks and security controls to launch attacks that evade detection. AI can also automate and boost ransomware distribution by finding the most suitable asset targets. Additionally, AI can be employed in scrutinizing business correspondence patterns to generate personalized and highly convincing copies for business email compromise (BEC) attacks. There are also AI-powered botnets capable of coordinating overwhelming volumes of malicious traffic for distributed denial-of-service (DDoS) attacks.
Quantum computing threats
Quantum computing promises myriad benefits to push computing technology further. However, it also comes with serious threats. It presents a new frontier for cybersecurity
One of the biggest problems posed by this new technology is its ability to decrypt existing encryption systems at unprecedented speeds. What used to be almost impossible-to-decrypt encryption technologies may be undone in a matter of hours. This means that the existing 256-bit AES encryption used by banks and other institutions may be rendered useless in the face of extremely powerful computers that are capable of performing computations over a hundred times faster than the most powerful computers at present.
This means that as quantum computers inch closer to becoming available to threat actors, it is important for organizations to similarly embrace quantum technology and adopt post-quantum cryptography or quantum-resistant encryption. The problem is that this is going to be costly and the shift towards quantum tech is going to be challenging. Governments and industry associations will have to come up with mechanisms to prevent criminals with access to quantum computing from attacking encryption systems under a collaborative effort to protect those who have yet to adopt quantum technology.
Additionally, quantum computing can be used to boost artificial intelligence, which can serve as a tool for cybercriminals. If existing AI is impressive enough, wait for quantum computing to power AI and deliver astonishing enhancements. This can mean even more realistic deepfakes and cloned voices or malware and botnets that can autonomously scout for vulnerabilities and coordinate attacks. Quantum computing can make it easier and way faster for threat actors to find vulnerabilities, launch an attack, retool their attack to penetrate formidable defenses, launch another attack, and continue with the cycle infinitely.
The human threat
As threat actors employ new technologies for their attacks and organizations similarly use new tech for their defense, there is a vulnerability that may remain the same: people. Unfortunately, the forecast has not changed: humans are still the weakest link in the cybersecurity chain. Human negligence, carelessness, and lack of cybersecurity savviness will still be a major weakness for organizations.
As a 2022 security report shows, 55 percent of employees admitted that they have taken an action that may have risked their IT assets. Some 26 percent said that they landed on a suspicious web page after clicking on an email link. Also, around 17 percent said that they unwittingly compromised their login credentials. These figures do not bode well for the future of cybersecurity, especially with advanced technologies becoming more prominent.
As the age of more technologically advanced cyber threats draws closer, cybersecurity training should not just be a must. It should be an urgent requirement for everyone in an organization. It might be necessary to deploy AI bots to guide or oversee people as they use or access IT assets. It makes sense to have a personalized AI bot for each employee to guide them towards secure IT usage like ascertaining their use of strong passwords, enabling multi-factor authentication, and being more circumspect in downloading files and clicking links.
Complex environments, heterogeneous endpoints, and the growing sophistication of attacks should never be accessible excuses for the continuation of human cybersecurity weakness. It is important to emphasize the urgent need for cybersecurity education and the use of new tech, AI in particular, to keep up with the threats.
There is enough information to reasonably assume that future cyber threats will be more aggressive and sophisticated. The attacks are likely to infuse artificial intelligence and other advanced technologies. Quantum computing can be a major problem. Also, human cybersecurity weaknesses will persist. As such, it is crucial to provide adequate cybersecurity education and safeguards and put in place all applicable controls especially when it comes to network, IoT, cloud, application, and endpoint security.