On January 24, 2024, the U.K.’s National Cyber Security Centre (NCSC) released a new report, The near-term impact of AI on the cyber threat, detailing how Artificial Intelligence (AI) will impact the effectiveness of cyber operations for 2025 and beyond.
According to the report, threat actors are already using AI in cyber attacks, and the use of malicious AI will “almost certainly” increase the volume and impact of cyber attacks, particularly ransomware, over the next two years. AI capabilities are likely to enhance the generation of malware, enable faster and more precise discovery of vulnerable devices, and assist with lateral movement by making existing techniques more efficient. If initial access is established, AI’s ability to perform real-time data analysis will likely enable a threat actor to surgically identify valuable data before commencing exfiltration, thereby enhancing the attack’s impact on a company, which could allow for more effective data extortion attempts.
The report further suggests that threat actors have already started developing criminal Generative AI (GenAI) and offering “GenAI-as-a-service” to anyone willing to pay. The effectiveness of GenAI models, however, will be limited by the quantity and quality of exploit data on which the model is trained. “AI has the potential to generate malware that could evade detection by current security filters, but only if it is trained to exploit data. There is a realistic possibility that highly capable states have repositories of malware that are large enough to effectively train an AI model for this purpose,” said the report.
While the report suggests that only highly capable nation-state threat actors, commercial companies offering capabilities to states worldwide, and organized criminal groups have enough exploit training data and financial resourcing to leverage AI in sophisticated cyber attacks, publicly available AI models will continue to lower the barrier to entry for less skilled threat actors to carry out attacks over the next two years. According to James Babbage, Director General for Threats at the National Crime Agency, “AI services lower barriers to entry, increasing the number of cyber criminals, and will boost their capability by improving the scale, speed and effectiveness of existing attack methods.” The biggest impact will likely be in social engineering as threat actors use AI to create more convincing phishing emails.
Companies are encouraged to implement protective measures, such as following ransomware and cybersecurity hygiene best practices, to strengthen their defenses and enhance their resilience to cyber attacks.