The National Cyber Security Centre report highlights social engineering as a critical area where AI will significantly enhance capabilities, making phishing attacks more convincing and more challenging to spot.

Artificial intelligence (AI) is set to significantly increase cyber threats, particularly ransomware attacks, over the next two years, according to a report by the United Kingdom’s National Cyber Security Centre (NCSC).

In its report, the NCSC outlines how AI’s effect on cyber threats can be balanced by leveraging AI to strengthen cybersecurity through detection and improved design. However, it recommended further study to gauge how AI advancements in cybersecurity will mitigate the impact of threats.

A ransomware attack is a cyberattack in which malicious software is deployed to encrypt a victim’s files or entire system. The attackers then demand a ransom, typically in cryptocurrency, to provide the victim with the decryption key or tools to restore access to their data.

The influence of AI on cyber threats is expected to vary, favoring advanced state actors with more access to sophisticated AI-driven cyber operations. The report highlights social engineering as a critical area where AI will significantly enhance capabilities, making phishing attacks more convincing and more challenging to spot.

The NCSC report states that AI will mainly enhance threat actors’ abilities in social engineering. Generative AI can already create convincing interactions, like documents that trick individuals, free of translation and grammatical errors common in phishing, and this trend is expected to grow over the next two years as models evolve and gain popularity.

Supporting this statement, James Babbage, director general for threats at the National Crime Agency, said:

“AI services lower barriers to entry, increasing the number of cyber criminals, and will boost their capability by improving the scale, speed, and effectiveness of existing attack methods. Fraud and child sexual abuse are also particularly likely to be affected.”

The NCSC assessment points out challenges in cyber resilience due to AI models like generative AI and large language models. These models make verifying the legitimacy of emails and password reset requests difficult. The decreasing time between security updates and threat exploitation makes it challenging for network managers to quickly patch vulnerabilities.

Source - Coin Telegraph