The UK’s National Cyber Security Centre (NCSC) on Wednesday predicted that the widespread use of AI by malicious actors will lead to an increase in cyber threats.
The NCSC says that actors of all kinds — state, non-state, skilled, and unskilled — are already using AI at varying degrees.
The government body conveyed these findings in its assessment titled “The near-term impact of AI on the cyber threat.” The report puts forward the NCSC’s cyber threat outlook till 2025.
While it expects the volume and impact of cyber threats, including ransomware, to go up due to AI, it does not predict sophisticated use cases to develop in the near term.
“More sophisticated uses of AI in cyber operations are highly likely to be restricted to threat actors with access to quality training data, significant expertise (in both AI and cyber), and resources. More advanced uses are unlikely to be realised before 2025,” the NCSC stated.
Ransomware and Social Engineering Attacks to Increase Due to AI
The NCSC said that access to AI tools will have differing impacts on cybercriminals based on their level of expertise and operations.
“AI lowers the barrier for novice cyber criminals, hackers-for-hire and hacktivists to carry out effective access and information gathering operations. This enhanced access will likely contribute to the global ransomware threat over the next two years,” the organization stated in its report.
Ransomware groups are already using AI for reconnaissance, phishing, and coding to enhance their operations. In particular, NCSC worries that the ease with which actors can launch phishing attacks will contribute to an increased ransomware threat in the near term. This is because phishing is a crucial technique to deliver malware or steal information to penetrate into systems.
Additionally, Generative AI has already made social engineering attacks much more convincing. Furthermore, the NCSC predicts that these attacks will only grow more dangerous and difficult to detect as the models evolve and become more ubiquitous.
Sophisticated Malware a Threat to Watch Out for Post 2025
The primary threat from AI in the near term is the increased access that helps cyber criminals at all levels. However, a more dangerous threat to look out for is the likelihood of AI creating sophisticated malware that can bypass existing security filters.
This would have a devastating impact on many of the present-day threat protection services. Currently, the NCSC predicts that humans will be heavily involved in malware development due to the need for expertise and a lack of quality training data. However, it warns that some state actors may already possess said capabilities.
“AI has the potential to generate malware that could evade detection by current security filters, but only if it is trained on quality exploit data.”
“There is a realistic possibility that highly capable states have repositories of malware that are large enough to effectively train an AI model for this purpose,” the NCSC warned.
In the meantime, we recommend taking necessary precautions to keep yourself safe online. Maintaining proper cyber hygiene is a crucial first step in staying protected.
