For the third consecutive quarter, Gartner has found that cyber attacks staged using artificial intelligence are the biggest risk for enterprises.
The consulting firm surveyed 286 senior risk and assurance executives from July through September, and 80% cited AI-enhanced malicious attacks as the top threat they were concerned about. This isn’t surprising, as evidence suggests AI-assisted attacks are on the rise.
Other commonly cited emerging risks outlined in the report include AI-assisted misinformation, escalating political polarization, and misaligned organizational talent profiles.
Attackers are using AI to write malware, craft phishing emails, and more
In June, HP intercepted an email campaign spreading malware in the wild with a script that “was highly likely to have been written with the help of GenAI.” The VBScript was neatly structured, and each command had a comment, which would prove an unnecessary effort for a human to write.
The researchers then used GenAI to produce a script and found similar output, suggesting that the original malware was at least partially AI-generated.
SEE: 20% of Generative AI ‘Jailbreak’ Attacks are Successful
The number of business email compromise attacks detected by security firm Vipre in the second quarter was 20% higher than the same period in 2023, and two-fifths of them were generated by AI. The top targets were CEOs, followed by HR and IT personnel.
Usman Choudhary, VIPRE’s chief product and technology officer, said in the press release: “Malefactors are now leveraging sophisticated AI algorithms to craft compelling phishing emails, mimicking the tone and style of legitimate communications.”
Retail sites alone experienced an average of 569,884 AI-driven attacks each day from April to September, according to Imperva Threat Research. Researchers said that tools such as ChatGPT, Claude, and Gemini, as well as special bots that scrape websites for LLM training data, are being used to conduct distributed denial-of-service attacks and business logic abuse, for example.
More ethical hackers are admitting to using GenAI, too, with the proportion increasing from 64% to 77% in the last year, according to a report from BugCrowd. These researchers say it assists with die-channel attacks, fault-injection attacks, and automating parallelized attacks to simultaneously breach multiple devices. But if the ‘good guys’ are finding AI valuable, then so will the bad actors.
The rise in these attacks should not come as a surprise
AI can lower the barrier to entry for cyber crimes, as less-skilled criminals can use it to generate deepfakes, scan networks for entry points, reconnaissance, and more. Researchers at ETH Zurich recently created a model that could solve Google reCAPTCHAv2’s puzzles used to distinguish humans and bots 100% of the time.
Analysts at security firm Radware predicted at the start of the year that this newfound accessibility would lead to the development of private GPT models used for nefarious purposes. They also forecast that the number of zero-day exploits and deepfake scams would increase as malicious actors become more proficient with LLMs and generative adversarial networks.
Indeed, Google’s Mandiant tracked 97 total zero-day vulnerabilities that were discovered and exploited in 2023, marking a 56% increase from a year earlier. Last month, Microsoft listed deepfakes amongst the most significant attack types used by increasingly prolific ransomware groups.
SEE: AI Deepfakes Rising as Risk for APAC Organisations
Executives are also concerned about over-reliance on IT vendors
IT vendor criticality also made it into Gartner’s list of top concerns among senior risk and assurance executives for the first time this quarter.
Zachary Ginsburg, Senior Director of research in the Gartner Risk and Audit Practice, said in a Gartner press release: “Customers with a concentration of services with one vendor may face elevated risk in the event of outages, or they may face unanticipated changes in services depending on new regulations or legal decisions in the EU, U.S. or elsewhere.”
He alluded to July’s CrowdStrike incident, which saw about 8.5 million Windows devices worldwide disabled and caused huge disruption to emergency services, airports, law enforcement agencies, and other essential organizations.
SEE: What is CrowdStrike? Everything You Need to Know
“Because third parties, like SaaS vendors, rely on other vendors, organizations may not realize the full extent of their exposure,” Ginsburg added. Gartner predicts that 45% of businesses globally will have experienced attacks on their software supply chains by 2025.
