AI will make it harder to distinguish legitimate emails from those sent by scammers and other bad actors. This includes messages that prompt users to reset their passwords.
The National Cyber Security Centre (NCSC) warned that the increasing sophistication of AI technologies will make it difficult for humans to recognize phishing messages, which aim to fool users into divulging sensitive information such as passwords or personal details.
Chatbots like ChatGPT and open source models, which are free and available to anybody, have made generative AI—a phrase for technology that can generate convincing text, speech, and graphics from simple hand-typed prompts—very accessible to the general public.
The National Cyber Security Centre (NCSC), which is a branch of the Government Communications and Signals Directorate (GCHQ) intelligence agency, has predicted that, over the next two years, artificial intelligence will “almost certainly” raise both the frequency and severity of cyberattacks on the United Kingdom.
Generative artificial intelligence (AI) and large language models (LGMs), which are the building blocks of chatbots, will make it harder to detect various forms of assault including spoof messages and social engineering (the practice of convincing someone to divulge sensitive information).
“To 2025, generative AI and large language models will make it difficult for everyone, regardless of their level of cybersecurity understanding, to assess whether an email or password reset request is genuine, or to identify phishing, spoofing or social engineering attempts.”
The National Cyber Security Centre (NCSC) warned that ransomware attacks, which have affected organisations like the Royal Mail and the British Library in the last year, were likely to escalate.
The report cautioned that thieves and hackers with less experience can use AI to “lower the barrier” to enter targets’ networks, collect information, and perhaps paralyse their computers, steal sensitive data, and demand a ransom in cryptocurrencies.
According to the NCSC, generative AI tools have already made phishing attacks more convincing by generating false “lure documents” that were either created or edited by chatbots to remove translation, spelling, or grammar mistakes.
Although it acknowledged that generative AI has become a capable coding tool, it stated that ransomware code will not be made more successful by it, but that it would aid in filtering and identifying targets.
The UK’s data watchdog, the Information Commissioner’s Office, reported 706 ransomware attacks in 2022, up from 694 the previous year. According to the agency’s warning, state actors likely possess sufficient malware to train an artificial intelligence model that may generate new code that could circumvent protection settings.
According to the NCSC, training such a model would require data taken from the target. “Among cyber threat actors, highly capable state actors are almost certainly best placed to harness the potential of AI in advanced cyber operations,” asserts the NCSC research.
According to the NCSC, AI can also be used defensively; this technology can identify assaults and create safer systems. The UK government issued new instructions forcing companies to strengthen their defenses against ransomware assaults, which coincided with the release of the report.
With the release of the “Cyber Governance Code of Practice,” the National Cyber Security Council (NCSC) hopes to elevate information security to the same level as legal and financial management. However, cybersecurity professionals have demanded more robust measures.
“An incident of the severity of the British Library attack is likely in each of the next five years,” warns Ciaran Martin, a former head of the NCSC, unless public and private entities drastically alter their strategy towards the danger of ransomware.
Martin stated in a newsletter that the United Kingdom should reconsider its strategy towards ransomware. This includes doing away with “fantasies” of “striking back” against criminals operating in hostile nations and establishing stricter regulations for the payment of ransoms.
The following may pique your interest if you enjoyed this technical subject: