Supercharged Attacks: Analyzing Generative AI Usage by Cyber Threat Actors |
||
|
|
|
© 2024 by IJCTT Journal | ||
Volume-72 Issue-4 |
||
Year of Publication : 2024 | ||
Authors : Varadharaj Varadhan Krishnan | ||
DOI : 10.14445/22312803/IJCTT-V72I4P111 |
How to Cite?
Varadharaj Varadhan Krishnan, "Supercharged Attacks: Analyzing Generative AI Usage by Cyber Threat Actors," International Journal of Computer Trends and Technology, vol. 72, no. 4, pp. 87-94, 2024. Crossref, https://doi.org/10.14445/22312803/IJCTT-V72I4P111
Abstract
This paper investigates cybercriminals using Generative Artificial Intelligence (AI) technology to improvise cyberattacks. Recent generative AI innovations like chatGPT and other pre-trained large language models have emerged as a double-edged sword in cybersecurity. The paper explores how malicious actors leverage large language models to improve their tactics, techniques, and procedures, ranging from refined phishing to advanced malware development and vulnerability research. By analyzing reports and data published by industry-leading cybersecurity organizations, this study reveals how generative AI is currently being used and how it can further supercharge cyberattacks. The paper also discusses in detail how generative AI technology makes it easier and lowers the barriers for cyber threat actors to become effective, along with strategies and approaches an organization can use to counter these supercharged attacks.
Keywords
Generative AI, Cybersecurity, Cyber Threat Actors, Cyber Defense Strategy, AI-Powered Cyber Attacks.
Reference
[1] Lucia Stanham, Generative AI (Genai) in Cybersecurity, CrowdStrike, 2023. [Online]. Available: https://www.crowdstrike.com/cybersecurity-101/secops/generative-ai/
[2] Michelle Cantos, Sam Riddell, and Alice Revelli, The Use of Generative AI by Threat Actors: A Limited but Growing Concern, Mandiant, 2023. [Online]. Available: https://www.mandiant.com/resources/blog/threat-actors-generative-ai-limited
[3] Staying Ahead of Threat Actors in the Age of AI, Microsoft, 2024. [Online]. Available: https://www.microsoft.com/en-us/security/blog/2024/02/14/staying-ahead-of-threat-actors-in-the-age-of-ai/
[4] Ashish Vaswani et al., “Attention is All You Need,” Arxiv, pp. 1-15, 2017.
[CrossRef] [Google Scholar] [Publisher Link]
[5] State of the Underground 2024, Cybersixgill, pp. 1-52, 2024. [Online]. Available: https://cybersixgill.com/resources/state-of-the-underground-2024
[6] Generative AI, Forrester. [Online]. Available: https://www.forrester.com/blogs/category/generative-ai/
[7] Syed Ali, and Frank Ford, Generative AI and Cybersecurity: Strengthening Both Defenses and Threats, Bain & Company, 2023. [Online]. Available: https://www.bain.com/insights/generative-ai-and-cybersecurity-strengthening-both-defenses-and-threats-tech-report-2023/
[8] Generative AI and Cybersecurity: Bright Future or Business Battleground?, Voice of Secops, 4 th Edition, Deep Instinct, 2023. [Online]. Available: https://www.deepinstinct.com/pdf/voice-of-secops-4th-edition
[9] Phil Tully, and Lee Foster, “Repurposing Neural Networks to Generate Synthetic Media For Information Operations,” Black Hat USA, pp. 1-41, 2020.
[Google Scholar] [Publisher Link]
[10] John Seymour, and Philip Tully, “Weaponizing Data Science for Social Engineering: Automated E2E Spear Phishing on Twitter,” Black Hat USA, pp. 1-8, 2016.
[Google Scholar] [Publisher Link]
[11] Eugene Lim et al., “Turing in a Box: Applying Artificial Intelligence as a Service to Targeted Phishing and Defending against AI-Generated Attacks,” Black Hat USA, pp. 1-11, 2021.
[Google Scholar] [Publisher Link]
[12] Arielle Waldman, MGM Faces $100M Loss from Ransomware Attack, TechTarget, 2023. [Online]. Available: https://www.techtarget.com/searchsecurity/news/366554695/MGM-faces-100M-loss-from-ransomware-attack
[13] Jannik Lindner, The Most Surprising AI Use In Cyber Security Statistics And Trends in 2024, Gitnux. [Online]. Available: https://gitnux.org/ai-use-in-cyber-security-statistics/
[14] Sangfor, How AI-Powered Solutions Revolutionize Cybersecurity, Sangfor, 2023. [Online]. Available: https://www.sangfor.com/blog/cybersecurity/how-ai-powered-solutions-revolutionize-cybersecurity
[15] Opwnai: Cybercriminals Starting to Use Chatgpt, Check Point Research, 2023. [Online]. Available: https://research.checkpoint.com/2023/opwnai-cybercriminals-starting-to-use-chatgpt/
[16] Thomas Brewster, Armed with ChatGPT, Cybercriminals Build Malware and Plot Fake Girl Bots, Forbes, 2023. [Online]. Available: https://www.forbes.com/sites/thomasbrewster/2023/01/06/chatgpt-cybercriminal-malware-female-chatbots/?sh=7790a9385534
[17] Carly Page, Is ChatGPT a Cybersecurity Threat?, Techcrunch, 2023. [Online]. Available: https://techcrunch.com/2023/01/11/chatgpt-cybersecurity-threat/
[18] Kyle Wiggers, Code-Generating AI can Introduce Security Vulnerabilities, Study Finds, TechCrunch, 2022. [Online]. Available: https://techcrunch.com/2022/12/28/code-generating-ai-can-introduce-security-vulnerabilities-study-finds/
[19] Ax Sharma, OpenAI's New ChatGPT Bot: 10 Dangerous Things it's Capable of, Bleeping Computer, 2022. [Online]. Available: https://www.bleepingcomputer.com/news/technology/openais-new-chatgpt-bot-10-dangerous-things-its-capable-of/
[20] Chris Wysopal, The Cyber Arms Race in the Age of Generative AI, CSO Online, 2023. [Online]. Available: https://www.csoonline.com/article/1259996/the-cyber-arms-race-in-the-age-of-generative-ai.html
[21] Shengdong Zhang et al., “A Novel Ultrathin Elevated Channel Low-Temperature Poly-Si TFT,” IEEE Electron Device Letters, vol. 20, no. 11, pp. 569-571, 1999.
[CrossRef] [Google Scholar] [Publisher Link]
[22] Kelli Vanderlee, China’s Capabilities for State-Sponsored, Mandiant, pp. 1-15, 2022. [Online]. Available: https://www.uscc.gov/sites/default/files/2022-02/Kelli_Vanderlee_Testimony.pdf
[23] Mark Sweney, “Darktrace Warns of Rise in AI-enhanced Scams Since ChatGPT Release,” The Guardian, 2023.
[Google Scholar] [Publisher Link]
[24] Adam Greenberg, 14 Cyber Security Predictions for 2022 and Beyond, Mandiant. [Online]. Available: https://www.mandiant.com/resources/blog/security-predictions-2022-report
[25] Andrew Blake, Crimeware Tool WormGPT: AI for BEC Attacks, SC Magazine, 2023. [Online]. Available: https://www.scmagazine.com/news/crimeware-tool-wormgpt-ai-bec
[26] Britney Nguyen, A Couple in Canada were Reportedly Scammed Out of $21,000 After Getting a Call from an AI-Generated Voice Pretending to be their Son, Yahoo Entertainment, 2023. [Online]. Available: https://www.yahoo.com/entertainment/couple-canada-werereportedly-scammed-194027194.html?guccounter=2
[27] Elias Groll, ChatGPT Shows Promise of Using AI to Write Malware, Cyber Scoop, 2022. [Online]. Available: https://cyberscoop.com/chatgpt-ai-malware/
[28] ChatGPT Created Malware BYPASSES EDR and claims Bug Bounty, Presented by CodeBlue29, Youtube, 2023. [Online]. Available: https://www.youtube.com/watch?v=qMd-m8GMweg
[29] Maanak Gupta, “From ChatGPT to ThreatGPT: Impact of Generative AI in Cybersecurity and Privacy,” IEEE Access, vol. 11, pp. 80218- 80245, 2023.
[CrossRef] [Google Scholar] [Publisher Link]