AI-enhanced cybercrime a ‘major new trend’
The cybercrime threat has intensified with artificial intelligence improving the success rate of attacks and offenders buying off-the-shelf hack software, law firm DLA Piper says.
Barriers to entry have been lowered as “ransomware as a service” becomes more prevalent.
“The telltale signs that once would hint at an email phishing attack – spelling mistakes, frequent typos, for instance – have been eradicated using powerful generative AI models, criminal versions of systems like ChatGPT,” the firm says in its report Tech Index 2024: Riding The Next Big Wave.
“You don’t need a team of expert coders to staff an attack. The use of AI by criminals is a major new trend. Action to counter the threat of cybercrime has had little impact on the levels of attacks across the globe.”
Cybercrime is becoming “bolder”, with attacks rising in frequency and sophistication, the report says. Deepfake verification calls are now common as part of phishing attacks.
The threat is also “asymmetrical”, as criminals can launch devastating attacks faster than organisations constrained by “budgets and bureaucracy” can build defences.
AI has allowed criminals to “infect” entire systems by attacking data used in system training. Some threaten to snitch to regulators if victim companies try to keep quiet about an attack, as another way to extort a ransom.
State-sponsored cyberattacks – targeting infrastructure such as energy and water utilities, financial institutions and healthcare systems – are also on the increase.
“The problem is a global concern. Until two years ago, large-scale cyber incidents were rare in Australia. But that has all changed, with high-profile attacks on Optus, the telecoms giant, and Medibank, the private health insurer, both impacting about 9 million individuals.”
The report notes financial services provider Latitude suffered an attack last year affecting an estimated 14 million current and former customers across Australia and New Zealand.
DLA Piper’s Melbourne-based special counsel for intellectual property and technology Sarah Birkett says cyber regulation is being developed at pace in Australia, alongside tougher privacy laws expected to pass next year.
“The government is pledging to make Australia the most cybersecure nation by 2030,” she said.
A global DLA Piper survey of 1200 respondents found only 49% have strong digital security measures in place such as anti-virus software and firewalls, and 55% do not conduct regular risk assessments.