With the help of AI, cyber threats are taking on a new form. Criminals use this to target identities and bypass authentication mechanisms. These are all new AI attack vectors.
Artificial intelligence (AI) is impacting modern society at an unprecedented pace. ChatGPT and other generative AI tools offer many advantages, but they can also be used by attackers and thus cause a lot of damage. CyberArk Labs has now examined this evolving threat landscape to better understand what new AI attack vectors mean for identity security programs and to help develop new defense strategies.
Specifically, CyberArk analyzed three new attack scenarios.
AI Scenario 1: Vishing – Voice Phishing
Employees have become very wary of phishing emails and know what to look out for. When it comes to vishing, i.e. voice phishing, this skepticism is often not present, which opens up new opportunities for cyber attackers. AI text-to-speech models make it easy for them to use publicly available information such as CEO interviews in the media and impersonate company executives. By building trust with their target, they can gain access to login credentials and other sensitive information.
Such vishing attacks can now be carried out at scale using automated, real-time generation of text-to-speech models. Such AI-based deepfakes are already commonplace and are very difficult to detect. AI experts predict that AI-generated content will eventually become indistinguishable from human-generated content.
AI scenario 2: Biometric authentication
Facial recognition is a proven biometric authentication option for access to devices and infrastructure. But it can also be outsmarted by attackers who use generative AI to compromise identities and gain access to a corporate environment. Generative AI models have been around for years. So you can ask the question: Why is there so much fuss about this now? In a word: it's scaling. Today's models can be trained to an incredible extent. ChatGPT-3, for example, has 175 billion parameters, more than a hundred times more than ChatGPT-2. This exponential growth in parameters supports realistic fakes, including in terms of facial recognition.
AI Scenario 3: Polymorphic Malware
In principle, all types of code can be written with generative AI, including malware or polymorphic malware that can bypass security solutions. Polymorphic malware changes its implementation while maintaining its original functionality. For example, it is possible that an attacker could use ChatGPT to generate an infostealer and continuously modify the code. If the attacker infects a device with the malware and accesses locally stored session cookies, he could impersonate the device's user, bypass security defenses and access target systems unnoticed.
Identities are the main target
The three AI-based cybersecurity threats show that identities are the primary target of attackers as they provide the most effective way to gain access to sensitive systems and data. The use of an identity security solution is therefore essential to avert danger. This securely authenticates identities and authorizes them with the correct permissions, giving them access to critical resources in a structured manner. Malware-agnostic defense techniques are also important. That is, companies should also take preventative measures such as implementing least privilege or conditional access policies on local resources (such as cookie storage) and network resources (such as web applications).
AI will also support defense in the future
“Although AI-based attacks pose a threat to IT security, AI is also a powerful tool for threat detection and defense,” emphasizes Lavi Lazarovitz, Vice President Cyber Research at CyberArk Labs. “AI will be an important component in the future to address changing threat landscapes, improve agility and help companies stay one step ahead of attackers.”
More at CyberArk.com
About CyberArk CyberArk is the global leader in identity security. With Privileged Access Management as a core component, CyberArk provides comprehensive security for any identity - human or non-human - across business applications, distributed work environments, hybrid cloud workloads and DevOps lifecycles. The world's leading companies rely on CyberArk to secure their most critical data, infrastructure and applications. Around a third of the DAX 30 and 20 of the Euro Stoxx 50 companies use CyberArk's solutions.