The Security Predictions report points to an explosion in the use of Generative AI in cybercrime, mainly in phishing and credential theft
The use of Artificial Intelligence (AI), especially generative tools, in virtual scams will grow significantly in the coming years. The study "Critical Scalability: Security Predictions for 2024, gives Trend Micro, a global leader in cybersecurity, envisions a tsunami of sophisticated social engineering attacks, with tactics based on Generative AI tools fueled by credential theft.
According to the report, the widespread availability and improved quality of Generative AI, along with the use of Generative Adversarial Networks (GANs), will shake up the phishing market in 2024. This transformation will enable the creation of hyper-active audio and video content. realistic – scammers will be able to pose as important executives, such as CEOs, to request money transfers – driving a new wave of Business Email Compromise (BEC) attacks, also known as “CEO Fraud”, in addition to virtual kidnappings, among other modalities of blows.
“AI and LLM (Large Language Models) capabilities, effective in any language, pose a significant threat as they eliminate traditional indicators of phishing, such as strange formatting or grammatical errors, making them extremely difficult to detect. Companies must adopt modern security controls to elevate their defenses and ensure resilience against these tactics,” highlights Eric Skinner, vice president of Market Strategy at Trend Micro.
Trend researchers say the prospect of ever-higher profits* motivates cybercriminals to develop nefarious Generative AI tools for these campaigns, in addition to using legitimate tools to steal credentials and VPNs to hide identities.
AI models themselves could also be targets in 2024. While AI models Machine Learning Cloud-based data sets are much more attractive, as Generative AI and LLM datasets are more difficult to influence, datasets that are more focused on what they are trained on can be selected for data compromise attacks with different objectives, from exfiltration of confidential information to blocking fraud filters and connected vehicles. These attacks already cost less than US$ 100 to carry out.
These trends can, in turn, lead to improvements in the regulatory process, even encouraging the cybersecurity sector to take matters into its own hands. “Over the next year, the cyber industry will begin to outpace the government when it comes to developing AI-specific security regulatory policies,” says Greg Young, vice president of Cyber Security at Trend Micro. “The industry is moving quickly to self-regulate on an opt-in basis,” he adds.
The Trend Micro Forecasts report also highlights for 2024:
Increase in worm attacks (a type of malware that multiplies on its own) cloud native, which targets vulnerabilities and misconfigurations and uses a high degree of automation to impact multiple containers, accounts and services, with minimal effort;
Need for investment in cloud security, crucial for organizations to resolve security gaps, with emphasis on the vulnerability of cloud-native applications and protection from automated attacks. Proactive measures, including robust defense mechanisms and thorough security audits, are essential to mitigate risks;
Increase in supply chain attacks, which will target not only Upstream (original) open source software components, but also telecommunications Security Management System (SIM) resources, essential for fleet and inventory systems. Cybercriminals should also exploit software supply chains through CI/CD systems (Continuous Integration/ Continuous Delivery, i.e., with continuous integration and delivery), with a specific focus on third-party components.
Growth of attacks on private blockchains, resulting from vulnerabilities in the implementation of a series of private blockchains. Hackers can use these weaknesses to modify, replace or delete entries and then demand a ransom. Alternatively, they could try to encrypt the entire blockchain if it is possible to take control of enough points.
To read a full copy of the report “Critical Scalability: Trend Micro Security Predictions for 2024 click ON HERE.
* BEC has cost victims more than US$ 2.7 billion in 2021, according to the FBI.
