"“We have high confidence that the actor likely leveraged an AI model to support the discovery and weaponization of this vulnerability,” reads the report."
"Google said the hackers used AI to identify what's known as a zero-day vulnerability, a flaw in a piece of software that wasn't previously known to its developers. When exploited, they leave the developers on the back foot, as the hackers are free to wreak havoc until the white hats figure out how to plug the hole."
"In this case, the zero-day bug would've allowed the hackers to bypass two-factor authentication on an unspecified “popular open-source, web-based system administration tool,” but only if the attackers knew a person's user name and password. Given that two-factor authentication is the last meaningful line of defense for most users, and that their passwords are likely weak if they weren't already leaked online in the first place, the ability to sidestep it could've been catastrophic even if the hackers weren't armed with that information."
"“The criminal threat actor planned to use it in a mass exploitation event but our proactive counter discovery may have prevented its use,” the report stated. The researchers said this was the first example of a zero-day vulnerability being exploited by hackers that was developed with AI."
A cyberattack used AI to uncover a previously unknown zero-day vulnerability in Google software that developers had not identified. Researchers reported high confidence that the actor leveraged an AI model to support discovery and weaponization. The vulnerability could have allowed attackers to bypass two-factor authentication on a popular open-source, web-based system administration tool, but only with a known username and password. Two-factor authentication is described as the last meaningful defense for most users, so bypass capability could have been catastrophic, especially if passwords were weak or already exposed. The report states the actor planned mass exploitation, but proactive counter-discovery prevented use. It is presented as the first example of an AI-developed zero-day being exploited by hackers.
#cybersecurity #ai-enabled-attacks #zero-day-vulnerabilities #two-factor-authentication #threat-intelligence
Read at Futurism
Unable to calculate read time
Collection
[
|
...
]