The rise of AI-powered cyber-crime
The surge in interest around artificial intelligence (AI) generates as much excitement as it does uncertainty. While the benefits are potentially huge, it’s worth staying live to the threats that could also emerge. In the following article, we take a closer look at why AI could be behind a worrying 8% spike in global cyber-attacks1, and share some useful reminders about how to stay safe online.
AI may well be the new investor buzzword, but as it rapidly evolves, so too does the threat of AI-powered cyber-crime.
Criminals are looking to harness the power of AI to develop more sophisticated and hyper-targeted attacks.
“AI looks like it’s at the start of a similar evolutionary curve to ransomware,” says Matt Lane, Director and Co-Founder of XCyber, a cyber security firm that offers state-grade services to its clients.
“When ransomware first came out, it was more of an isolated problem. But we know now how ransomware has evolved – and the harm it can cause – with the technology now widely available to the cyber-criminals.
“And although the AI-driven cyber threat can be considered small today, once the cyber-criminals get to grips with manipulating the power of AI for malicious use there could be much worse to come – albeit the risk is only theoretical so far.”
While ransomware typically hijacks a computer and prevents access to the device until a ransom is paid, AI has the potential to launch a range of attack techniques, some of which could be more subtle and difficult to detect.
“The real AI-fuelled cyber threat is the ability to automate tasks at a scale previously not possible,” says Lane. “By processing huge amounts of data, vulnerabilities can be found that existing cyber security tools may not notice. AI can also automate the process of creating highly targeted phishing emails – which today takes time and effort – meaning attackers can then send out more emails and target more people.”
Looking into the future
The bottom line is that if there’s a way to access your network, your private life, emails or your office, there’s a good chance AI will find it. But by staying alert to the threat, you can improve your chances of staying safe.
“AI cyber-crime may still be in its early stages, but you can nevertheless take steps to protect yourself now,” says Hannah Rodden, Fraud Awareness Manager at Barclays. “Good cyber hygiene is always the best defence. It means being aware of the latest threats, using strong passwords and security measures, such as two-factor authentication, and being cautious about what you share online.”
For tips on staying safe, learn more about the top 5 cyber threats in 2023.
Some experts think AI could be as transformative as the Industrial Revolution, but to others it feels like we’re stumbling into a dystopian future.
And while it may not be too far-fetched to think AI could be used to target individuals with hyper-targeted emails that mimic the writing styles of friends, colleagues or even family, the good news is that there are thankfully controls being put in place to prevent the misuse of AI.
Tools like the popular ChatGPT and Google’s Bard now have protections to limit the type of negative content its AI models can produce. Instead, fraudsters have started to create their own large-language models for nefarious purposes that lack these restrictions, which they are now advertising on the dark web2.
“The main two out there right now are WormGPT and FraudGPT, which have been designed specifically for hackers, spammers and cyber-criminals,” says Lane at XCyber.
“As AI technology continues to develop, it’s likely criminals will find even more ways to use it to target individuals and organisations.”
A new era of threats?
High-net-worth individuals are often targeted by cyber-criminals, as they are perceived to be high-value targets but without the same level of security as corporations.
They also tend to have large digital footprints and a strong online presence, which makes them more searchable and potentially overexposed. All of this is manna from heaven for AI crawlers.
“You never know you are a target for the cyber-criminals until you are,” warns Lane at XCyber. “Fraudsters are always looking at ways to gain the most from their attacks with the least amount of effort and resources.
“For instance, even today, criminals can dig around and create a detailed profile of you from the information that’s already out there online. This can come from a variety of sources, including the information you’ve intentionally shared on social media, data leaks and even news articles.
“But once these hackers start to use AI more effectively, and co-opt it for their gains, it will make it far easier for them to search for and target high-net-worth individuals.
“Of course, the threat of AI-fuelled attacks may be being overblown. But if you keep taking these generative leaps down a certain path – adding further levels of scale and sophistication – it’s likely to usher in a new era of cyber risk.”
An AI takeover? Not quite
As always, the message remains the same: Stay alert and take the time to keep yourself safe. Use strong passwords, never share your personal details and don’t be afraid to question something that doesn’t feel right.
By making a conscious effort to keep your defences robust, you can stack the odds more in your favour as the cyber-criminals think of ever-more creative ways to attack you.
“When focusing on the potential for AI-enabled cyber-crime, it’s easy to overlook the benefits its legitimate use bestows,” adds Lane at XCyber. “As much as cyber-criminals will seek to exploit the technology, cyber-security professionals will devise innovative applications to collectively improve security, and it’s more likely that the benefits of cyber-security alone significantly outweigh the risks.
“And like any technology, there is an intended use and the potential for misuse. Focusing on the latter ignores the former. AI is a tool, created for people to use, and – whilst it may sometimes have an asymmetrical impact on people’s lives – criminality has always been the minority. Our law enforcement, intelligence, military, and cyber-security agencies and communities are here to make sure it stays that way.”
This communication is general in nature and provided for information/educational purposes only. It does not take into account any specific investment objectives, the financial situation or particular needs of any particular person. It not intended for distribution, publication, or use in any jurisdiction where such distribution, publication, or use would be unlawful, nor is it aimed at any person or entity to whom it would be unlawful for them to access.
This communication has been prepared by Barclays Private Bank (Barclays) and references to Barclays includes any entity within the Barclays group of companies.
(i) is not research nor a product of the Barclays Research department. Any views expressed in these materials may differ from those of the Barclays Research department. All opinions and estimates are given as of the date of the materials and are subject to change. Barclays is not obliged to inform recipients of these materials of any change to such opinions or estimates;
(ii) is not an offer, an invitation or a recommendation to enter into any product or service and does not constitute a solicitation to buy or sell securities, investment advice or a personal recommendation;
(iii) is confidential and no part may be reproduced, distributed or transmitted without the prior written permission of Barclays; and
(iv) has not been reviewed or approved by any regulatory authority.
Any past or simulated past performance including back-testing, modelling or scenario analysis, or future projections contained in this communication is no indication as to future performance. No representation is made as to the accuracy of the assumptions made in this communication, or completeness of, any modelling, scenario analysis or back-testing. The value of any investment may also fluctuate as a result of market changes.
Where information in this communication has been obtained from third party sources, we believe those sources to be reliable but we do not guarantee the information’s accuracy and you should note that it may be incomplete or condensed.
Neither Barclays nor any of its directors, officers, employees, representatives or agents, accepts any liability whatsoever for any direct, indirect or consequential losses (in contract, tort or otherwise) arising from the use of this communication or its contents or reliance on the information contained herein, except to the extent this would be prohibited by law or regulation.