Expect a deepfakes boom as hackers master use of AI, Machine Learning
Experts warn of an uptick in sophisticated AI-assisted and AI-driven attacks successfully evading security controls in 2024
With the growth of Large Language Models (LLMs) like OpenAI's ChatGPT, Artificial Intelligence (AI) exploded in the public arena in 2023. According to experts, this trend is expected to continue beyond 2024, as both hackers and cybersecurity professionals continue to improve their usage of AI and Machine Learning (ML).
Recently, Infosys founder Narayana Murthy's two new deepfake videos were shared on social media, purportedly promoting a so-called investing platform ‘Quantum AI’, claiming that the user of this new technology would be able to earn $3,000 (around Rs 2.5 lakh) on the first working day.
One of the videos showed a morphed version of Murthy claiming to be working on a ‘Quantum AI’ project with tech billionaire Elon Musk.
Zerodha Co-founder and CEO Nithin Kamath posted his own deepfake video, which was convincing enough to fool users into believing it was Kamath himself. He said the aim was to highlight the growing threat posed by AI.
Attacks will become more sophisticated as threat actors continue to use AI tools and 2024 will likely witness an increase in AI-assisted and AI-driven attacks successfully bypassing security controls such as Multi-Factor Authentication (MFA), Zero Trust and other fundamental security technologies and defences.
The researchers also predicted that ransomware attacks are expected to surge in 2024, surpassing the alarming 91 per cent reported in 2022 and said that a rise in cloud adoption could lead to a surge of identity-based attacks.
As per International Data Corporation (IDC), the overall India public cloud services market is expected to surge to $17.8 billion by 2027, exhibiting a formidable CAGR of 23.4 per cent for the period spanning 2022-2027.
According to the cybersecurity company Securonix, financial services, healthcare and education will continue to attract the attention of threat actors as their economic importance and data value make them especially attractive targets.
In late 2022, AIIMS Delhi faced a crippling attack before successfully thwarting another in mid-2023.
"Governmental and non-governmental organisations working on important economic, justice and civic issues are also likely to be a target of misinformation and cyberattack campaigns from foreign and domestic actors," the experts said.
When it comes to phishing emails and social engineering exploits, the trend is likely to continue in 2024.
Last year, phishing attempts surged by 62 per cent and threat actors will likely continue to use phishing emails as a main source of compromise in 2024 with new and evolved tactics, techniques and procedures (TTPs).
According to the experts, 2023 saw QR code-based phishing (quishing) gain popularity and witnessed an uptick in more advanced tactics such as man-in-the-middle (MITM) and adversary-in-the-middle (AiTM) attack methods that leverage tools like EvilProxy.
In addition to phishing, advanced tactics like social engineering and malvertising will continue to be prolific.
The experts also said to prepare for new type of AI-based attacks that might appear in 2024.
"An equally potent threat emerges for every positive stride made in the realm of AI. The dark side of AI can manifest in sophisticated cyber threats and malicious activities fuelled by the same technologies that are designed to enhance efficiency, automation, and decision-making," said CyberArk researchers.
They further said, “As AI becomes more pervasive, adversaries will quickly capitalise on its capabilities, crafting new attack vectors that exploit vulnerabilities in novel ways."
The researchers suggested these predictions for the next year underline the urgency for organisations to invest in cutting-edge technologies, raise awareness, and craft robust strategies that can withstand the onslaught of evolving cyber threats.