"CISOs must prepare for "a really different world" where cybercriminals can reliably automate cyberattacks at scale, according to a senior Googler."
""It's just a matter of time before somebody puts all of these things together, end-to-end," she said. "And what I fear the most is somebody developing the capability to prompt a model to hack any company, and the model being able to come back in a week with a root prompt. If that ends up happening, I think it'll be a slow ramp over the next six to 18 months.""
"Sandra Joyce, VP at GTIG, added that China, Iran, and North Korea are all abusing AI tools to aid different stages of their respective attacks. These include initial network reconnaissance and C2 development, as well as the aforementioned phishing copy and data-stealing commands."
Cybercriminals are already using AI to automate discrete parts of attack workflows such as grammar, spell-checking phishing copy, and other productivity enhancements. Malware families are using large language models to generate commands that steal victim data. Nation-state actors including China, Iran, and North Korea are abusing AI for reconnaissance, command-and-control development, phishing, and data exfiltration. The individual AI-enabled components in use today could be chained into full end-to-end toolkits resembling modern exploit kits. Defensive teams are adopting the same AI tools, but security leaders should prepare for a likely six- to 18-month ramp toward scaled automation.
#ai-enabled-cybercrime #automated-attack-toolkits #phishing-and-social-engineering #nation-state-threats
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]