Cybercriminals of all skill levels are utilising AI to hone their skills, but security experts warn that AI is also helping to track them down.
At a workshop at Fordham University, National Security Agency head of cybersecurity Rob Joyce stated that AI is assisting Chinese hacker groups in bypassing firewalls when infiltrating networks.
Joyce warned that hackers are using generative AI to enhance their use of English in phishing scams, as well as to provide technical help when penetrating a network or carrying out an attack.
Two sides of the same coin
2024 is expected to be a pivotal year for state-sponsored hacking groups, particularly those operating on behalf of China and Russia. Taiwan's presidential election begins in a few days, and China will want to influence the result in its pursuit of reunification. However, attention will be centred around the upcoming US elections in November, as well as the UK's general election in the second half of 2024.
China-backed groups have begun developing highly effective methods for infiltrating organisations, including the use of artificial intelligence. "They're all subscribed to the big name companies that you would expect - all the generative AI models out there," adds Joyce. "We're seeing intelligence operators [and] criminals on those platforms.”
In 2023, the US saw a surge in attacks on major energy and water infrastructure facilities, which US officials attributed to groups linked to China and Iran. One of the attack techniques employed by the China-backed 'Volt Typhoon' group is to get clandestine access to a network before launching attacks using built-in network administration tools.
While no specific examples of recent AI attacks were provided, Joyce states, "They're in places like electric, transportation pipelines, and courts, trying to hack in so that they can cause societal disruption and panic at the time and place of their choosing."
China-backed groups have gained access to networks by exploiting implementation flaws - vulnerabilities caused by poorly managed software updates - and posing as legitimate users of the system. However, their activities and traffic inside the network are frequently odd.
Joyce goes on to say that, "Machine learning, AI and big data helps us surface those activities [and] brings them to the fore because those accounts don't behave like the normal business operators on their critical infrastructure, so that gives us an advantage."
Just as generative AI is expected to help narrow the cybersecurity skills gap by offering insights, definitions, and advice to industry professionals, it may also be reverse engineered or abused by cybercriminals to guide their hacking activities.
